Cloudfanatic Knowledge base

Firewalld Cheat Sheet

Table of Contents
  • Overview
  • Enable firewalld
  • Start firewalld
  • Stop firewalld
  • Restart firewalld
  • Firewalld status
  • Add a Port for TCP or UDP
  • Remove a Port for TCP or UDP
  • Add a Service
  • Remove a Service
  • Whitelist an IP Address or IP range
  • Remove a Whitelisted IP Address
  • Block an IP Address or IP range
  • Whitelist an IP Address for a Specific Port (More Rich Rules)
  • Removing a Rich Rule
  • Saving Firewall Rules
  • Viewing Firewall Rules
  • Further reading

Overview

In some ways, firewalld is easier to manage and configure than iptables. There is, for the most part, no long series of chains, jumps, accepts and denies to memorize before you can get firewalld running in a basic configuration. The rules are simple and straightforward, but you can still have all the power that iptables gives you.

Firewalld uses the command-line utility firewall-cmd to configure and manipulate rules.

Enable firewalld

systemctl enable firewalld

Start firewalld

systemctl start firewalld

Stop firewalld

systemctl stop firewalld

Restart firewalld

systemctl restart firewalld

Firewalld status

systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2019-01-22 22:50:32 EST; 1h 0min ago
Main PID: 808 (firewalld)
CGroup: /system.slice/firewalld.service
└─808 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Add a Port for TCP or UDP

firewall-cmd --permanent --add-port=22/tcp
firewall-cmd --permanent --add-port=53/udp

Remove a Port for TCP or UDP

firewall-cmd --permanent --remove-port=444/tcp

Add a Service

firewall-cmd --permanent --add-service=ssh
firewall-cmd --permanent --add-service=http

Remove a Service

firewall-cmd --permanent --remove-service=mysql

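Whitelist an IP Address or IP range

Without a --zone option, --add-source binds the address to the default zone, so traffic from it is allowed only what that zone already allows. To accept all traffic from the address, bind it to the trusted zone by adding --zone=trusted.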

firewall-cmd --permanent --add-source=192.168.1.100
firewall-cmd --permanent --add-source=192.168.1.0/24

Remove a Whitelisted IP Address

firewall-cmd --permanent --remove-source=192.168.1.100

Block an IP Address or IP range

firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.1.100' reject"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.1.0/24' reject"

Whitelist an IP Address for a Specific Port (More Rich Rules)

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.100" port protocol="tcp" port="3306" accept'

Removing a Rich Rule

firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.100" port protocol="tcp" port="3306" accept'

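Saving Firewall Rules

Commands run with --permanent change only the saved configuration. Reload firewalld to apply them to the running firewall: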

firewall-cmd --reload

Viewing Firewall Rules

firewall-cmd --list-all
public (default, active)
interfaces: enp1s0
sources: 192.168.1.0/24
services: dhcpv6-client dns http https mysql nfs samba smtp ssh
ports: 443/tcp 80/tcp 5900-5902/tcp 83/tcp 444/tcp 3260/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="192.168.1.0/24" forward-port port="5423" protocol="tcp" to-port="80"
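
The listing above opens mysql, nfs and samba to the whole zone, while the rich-rule section shows how to limit a port such as 3306 to one source. The following is an added example, not part of the original cheat sheet: it reads --list-all output and flags such zone-wide exposures. The watch lists and the function name audit_zone are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag sensitive services and ports that a zone opens to
# every address, given `firewall-cmd --list-all` text on stdin.

# Assumption: illustrative watch lists; adjust them to your environment.
SENSITIVE_SERVICES="mysql nfs samba"
SENSITIVE_PORTS="3260 3306 5900"

# Sample input: the --list-all output shown on this page.
SAMPLE_LIST_ALL='public (default, active)
interfaces: enp1s0
sources: 192.168.1.0/24
services: dhcpv6-client dns http https mysql nfs samba smtp ssh
ports: 443/tcp 80/tcp 5900-5902/tcp 83/tcp 444/tcp 3260/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="192.168.1.0/24" forward-port port="5423" protocol="tcp" to-port="80"'

# audit_zone: print one finding per watched service or port found open.
audit_zone() {
  awk -v svc="$SENSITIVE_SERVICES" -v prt="$SENSITIVE_PORTS" '
    BEGIN {
      n = split(svc, s, " "); for (i = 1; i <= n; i++) badsvc[s[i]] = 1
      n = split(prt, q, " "); for (i = 1; i <= n; i++) badport[q[i]] = 1
    }
    $1 == "services:" {
      for (i = 2; i <= NF; i++)
        if ($i in badsvc) print "service-open-to-zone " $i
    }
    $1 == "ports:" {
      for (i = 2; i <= NF; i++) {
        split($i, pp, "/")            # pp[1] = port or range, pp[2] = protocol
        m = split(pp[1], r, "-")      # a range such as 5900-5902 gives m == 2
        lo = r[1] + 0; hi = (m == 2 ? r[2] : r[1]) + 0
        for (p in badport)
          if (p + 0 >= lo && p + 0 <= hi) { print "port-open-to-zone " $i; break }
      }
    }
  '
}

# Usage on a live host: firewall-cmd --list-all | audit_zone
printf '%s\n' "$SAMPLE_LIST_ALL" | audit_zone
```

Each finding is a candidate for the pattern shown earlier: remove the zone-wide service or port, then allow it only from a known source with a rich rule.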

Further reading

Here is more information about firewalld from Fedora and from the firewalld.org website.

Updated on November 1, 2022

2023 Cloudfanatic Knowledge base
