Firewalld – zone, service, and port management
Firewalld replaces direct management of iptables rules and improves security administration by allowing configuration changes to be applied without interrupting existing connections. It runs as a daemon, so rules can be added or changed immediately, and it uses network zones to define a level of trust for the network connections assigned to them. For the troubleshooter this provides a range of flexible options, but the key point to understand is that a connection can belong to only one zone, whereas a single zone can be shared by many network connections.
To know whether Firewalld is currently running, you can type:
# firewall-cmd --state
To list the predefined zones, you can use:
# firewall-cmd --get-zones
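The following is an added example, not part of the original text: a small POSIX shell audit that reads the output of `firewall-cmd --get-active-zones` (an option of the real tool, but not one the text above shows) and maps each interface to the zone it is bound to, making the one-zone-per-connection rule checkable on a live host. It assumes the listing format of a zone name on its own line followed by an indented `interfaces:` line; `sources:` lines are ignored. The `SAMPLE_ACTIVE_ZONES` listing is constructed here so the script runs where firewalld is not installed.

```shell
#!/bin/sh
# Added example: audit interface-to-zone bindings from `firewall-cmd --get-active-zones`.
# The listing format assumed is:
#   public
#     interfaces: eth0 eth1
#   internal
#     interfaces: eth2

# Constructed sample listing (not captured from a real host) for offline use.
SAMPLE_ACTIVE_ZONES='public
  interfaces: eth0 eth1
internal
  interfaces: eth2'

# Parse an active-zones listing on stdin into "interface zone" lines, one per interface.
parse_active_zones() {
    awk '
        /^[^ \t]/               { zone = $1; next }            # unindented line: zone name
        /^[ \t]+interfaces:/    { for (i = 2; i <= NF; i++) print $i, zone }
    '
}

# zone_of IFACE  (listing on stdin): print the single zone IFACE is bound to; exit 1 if none.
zone_of() {
    parse_active_zones | awk -v ifc="$1" '$1 == ifc { print $2; found = 1 } END { exit !found }'
}

# interfaces_in_zone ZONE  (listing on stdin): count how many interfaces share ZONE.
interfaces_in_zone() {
    parse_active_zones | awk -v z="$1" '$2 == z { n++ } END { print n + 0 }'
}

# Stand-alone run: use the live listing when firewalld reports "running", else the sample.
if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    listing=$(firewall-cmd --get-active-zones)
else
    listing=$SAMPLE_ACTIVE_ZONES
fi
printf '%s\n' "$listing" | parse_active_zones
```

On a host with firewalld running, `printf '%s\n' "$(firewall-cmd --get-active-zones)" | zone_of eth0` answers which zone a given interface is in, and `interfaces_in_zone public` shows how many connections share that trust level; an interface that prints nothing is not bound to any active zone and therefore falls under the default zone.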
Note
These zones can be defined as:
drop
: In this zone, incoming network packets are dropped (with no reply), and only outgoing network connections are possible
block
: In this zone, only network connections...