RHEL firewall

Date: 2022-12-15Last modified: 2023-02-17

firewalld is the default firewall on Red Hat Enterprise Linux.

Table of contents

List
Allow
Deny
Timeout
References

List

firewall-cmd --list-all

Possible output:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: wlp3s0
  sources: 
  services: dhcpv6-client ssh
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:

Allow

Deny

Timeout

⚡ Tip

It is possible, especially on remote systems, that an incorrect setting results in a user locking themselves out of a machine. To prevent such situations, use the --timeout option. After a specified amount of time, any change reverts to its previous state. Using this options excludes the --permanent option.

For example, to add the SSH service for 15 minutes:

firewall-cmd --add-service=ssh --timeout 15m

References

Concepts and techniques to secure RHEL servers and workstations