What is FirewallD?

FirewallD lets users control which network ports are open or closed, to keep the system secure from unauthorized access. FirewallD is integrated with SystemD and NetworkManager, and supports IPv4, IPv6 and ethernet bridges. It also provides an interface through which services and applications can add firewall rules directly. These settings can be controlled from the command line, or with the firewall-config graphical user interface.

Do I have FirewallD on my system?

FirewallD is the default firewall service for current releases of Fedora and is enabled by default. To check if your system has FirewallD enabled, at the command-line, type:

sudo firewall-cmd --state

This command reports whether FirewallD is running or not running.

If FirewallD is not running, type:

sudo systemctl enable --now firewalld

This will enable the FirewallD service when booting the system, and immediately start the service.

If these commands do not work, FirewallD may not be installed. To install it, type:

sudo dnf install firewalld

To install the FirewallD graphical user interface application and open it from the command line, type:

sudo dnf install firewall-config

sudo firewall-config

Opening and closing ports with FirewallD

Ports can be opened from the command line without editing configuration files, using either the service name or the port number. For example, to allow access to the SSH service, type:

sudo firewall-cmd --add-service ssh

When allowing access by port number, the number must be followed by the protocol, either TCP or UDP. To open SSH by its port, type:

sudo firewall-cmd --add-port=22/tcp

This opens the SSH port in runtime mode. A runtime change is temporary: it is discarded when the FirewallD service is reloaded or the system reboots. To keep the SSH port open after a FirewallD service restart or a system reboot, include the --permanent option:

sudo firewall-cmd --permanent --add-service ssh

or by port number:

sudo firewall-cmd --permanent --add-port=22/tcp

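A --permanent change is written to the stored configuration but does not take effect in the running firewall until FirewallD is reloaded. To apply it: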

sudo firewall-cmd --reload

To block access to the SSH service:

sudo firewall-cmd --remove-service ssh

To block access by port number:

sudo firewall-cmd --remove-port=22/tcp

Again, add the --permanent option to make the removal persistent, and run firewall-cmd --reload afterwards to apply the change.
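
Because runtime and permanent changes are made separately, the two configurations can drift apart: a port opened only at runtime closes on the next reload, and a rule saved with --permanent stays inactive until then. The script below is an added example, not part of the original page or of FirewallD itself; it compares the two lists and reports the difference. The function names only_in and drift_report and the sample lists are constructed for illustration, and the --live argument of the script is its own switch, not a firewall-cmd option.

```shell
#!/bin/sh
# Added example: detect drift between firewalld's runtime and permanent
# configuration. Function names are illustrative, not part of firewalld.

# only_in "A" "B": print the space-separated items of A that are not in B.
only_in() {
    result=""
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;                          # present in both lists
            *) result="${result:+$result }$item" ;;  # present only in A
        esac
    done
    printf '%s\n' "$result"
}

# drift_report KIND "RUNTIME" "PERMANENT": explain what a reload would change.
drift_report() {
    lost=$(only_in "$2" "$3")      # open now, closed again after reload/reboot
    pending=$(only_in "$3" "$2")   # saved, but not active until --reload
    if [ -n "$lost" ]; then
        echo "$1 runtime-only (lost on reload or reboot): $lost"
    fi
    if [ -n "$pending" ]; then
        echo "$1 permanent-only (inactive until --reload): $pending"
    fi
    if [ -z "$lost$pending" ]; then
        echo "$1 in sync"
    fi
}

if [ "${1:-}" = "--live" ]; then
    # Query the default zone of the local firewalld instance.
    drift_report services "$(sudo firewall-cmd --list-services)" \
                          "$(sudo firewall-cmd --permanent --list-services)"
    drift_report ports "$(sudo firewall-cmd --list-ports)" \
                       "$(sudo firewall-cmd --permanent --list-ports)"
else
    # Constructed sample lists, so the script also runs without firewalld.
    drift_report services "dhcpv6-client ssh http" "dhcpv6-client ssh"
    drift_report ports "8080/tcp" "8080/tcp 5353/udp"
fi
```

Run it with --live on a host with FirewallD to check the real configuration; without arguments it prints the report for the constructed sample lists.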

How can I see the services recognized by FirewallD?

To see a list of all the services recognized by FirewallD, type:

sudo firewall-cmd --get-services

To view a list of services "turned-on" in FirewallD, type:

sudo firewall-cmd --list-services

Additional Resources

For more information about configuring FirewallD, such as how to list and change zones, set up port forwarding, and perform other system administration tasks, refer to the FirewallD documentation at firewalld.org, or the Fedora Wiki: FirewallD.

You can also find local documentation by using firewall-cmd --help or the man pages: man firewalld