Title here
Summary here
# Show the current state of the firewall
> firewall-cmd --state
# Get the default zone name
> firewall-cmd --get-default-zone
# List all active zones
> firewall-cmd --get-active-zones
# List all settings of the default zone (use --list-all-zones to show every zone)
> firewall-cmd --list-all
# Get a list of all zones
> firewall-cmd --get-zones
# List all rules in the home zone
> firewall-cmd --zone=home --list-all
# Assign interface eth0 to the home zone, moving it out of its current zone
> firewall-cmd --zone=home --change-interface=eth0
# Set the default zone to home
> firewall-cmd --set-default-zone=home
# List the names of all predefined services
> firewall-cmd --get-services
# Add the http service to the public zone (runtime)
> firewall-cmd --zone=public --add-service=http
# List all services in the public zone (runtime)
> firewall-cmd --zone=public --list-services
# Add the http service to the public zone's permanent configuration (the runtime configuration is unchanged until --reload)
> firewall-cmd --zone=public --add-service=http --permanent
# Save the current runtime configuration as the permanent one (this overwrites the existing permanent configuration)
> firewall-cmd --runtime-to-permanent
# List all permanent services in the public zone
> firewall-cmd --zone=public --list-services --permanent
# Add a port rule for TCP/5000 in the public zone (runtime)
> firewall-cmd --zone=public --add-port=5000/tcp
# Add a port range rule for UDP/4990-4999 in the public zone (runtime)
> firewall-cmd --zone=public --add-port=4990-4999/udp
# Create a new permanent zone named publicweb
> firewall-cmd --permanent --new-zone=publicweb
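# Reload the firewall configuration (applies the permanent configuration; runtime-only changes, such as the port rules added above, are discarded)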
> firewall-cmd --reload
# List all zones again after reloading
> firewall-cmd --get-zones
# Add a source IP rule for 10.10.0.100/32 in the prometheus-access zone (permanent)
> firewall-cmd --zone=prometheus-access --add-source=10.10.0.100/32 --permanent
# Remove a source IP rule for 10.10.0.100/20 from the prometheus-access zone (permanent); a /20 entry is distinct from the /32 entry added above, so this does not remove that one
> firewall-cmd --zone=prometheus-access --remove-source=10.10.0.100/20 --permanent
# Add a port rule for TCP/9100 in the prometheus-access zone (permanent)
> firewall-cmd --zone=prometheus-access --add-port=9100/tcp --permanent
# Add TCP/9100 to the default zone (permanent); sudo supplies the root privileges firewall-cmd needs
> sudo firewall-cmd --add-port=9100/tcp --permanent
# Or remove TCP/9100 from the public zone (runtime)
> firewall-cmd --zone=public --remove-port=9100/tcp
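# Allow TCP port 5000 from 10.10.0.100 (runtime); this limits access to that address only if 5000/tcp is not also opened to all sources with --add-port in the same zone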
> firewall-cmd --zone=public \
--add-rich-rule='rule family="ipv4" source address="10.10.0.100/32" port port="5000" protocol="tcp" accept'