❑ The firewall service that makes iptables easier to use (firewalld.service).
❑ firewalld maintains its own chains in iptables.
❑ It is a different service from ufw.
❑ The default rule is deny.
❑ There are allow and deny chains. If a rule in the allow chain collides with a rule in the deny chain, the deny chain's rule takes priority.
❑ To run the firewalld service without collisions, stop ufw and flush the iptables chains:
1. # systemctl stop ufw
2. # systemctl mask ufw
3. # iptables -F
4. # systemctl restart firewalld
❑ The path where the firewall rules are stored : /etc/firewalld/zone/[Zone].xml
* The default zone is public.
❑ How to use
Usage | Description |
# systemctl [start|stop|restart] firewalld | Start/stop/restart the firewall daemon. |
# firewall-cmd --list-all | Display all firewall rules of the current zone. |
# firewall-cmd --reload | Apply the modified permanent rules to the running firewall. |
# firewall-cmd --permanent --add-port=23-50/tcp | Append a firewall rule. |
# firewall-cmd --permanent --remove-port=23-50/tcp | Delete a firewall rule. |
# firewall-cmd --permanent --[add|remove]-rich-rule='rule family="[ipv4|ipv6]" [source|destination] address="[IP address|Subnet]" port protocol="[tcp|udp]" port="[Port number]" [accept|reject|drop]' | Append/Delete a firewall rule using a rich rule. |
* e.g. # firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.200.141" port protocol="tcp" port="23" drop'
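Added example (not part of the original note): a small POSIX sh helper that builds the rich-rule string in the exact form shown above, rejects malformed input (unknown family/action, port outside 1-65535, inverted range) before it ever reaches firewall-cmd, and wraps the --permanent + --reload pair. The function names and the DRY_RUN switch are my own assumptions; only the firewall-cmd options come from the note.

```shell
#!/bin/sh
# Added example, not from the original note. Builds and validates a firewalld
# rich rule, then applies it with firewall-cmd (or prints the commands when
# DRY_RUN=1, so it can be exercised without root and without touching rules).

# rich_rule FAMILY DIRECTION ADDRESS PROTO PORT ACTION
#   FAMILY: ipv4|ipv6   DIRECTION: source|destination   PROTO: tcp|udp
#   PORT: single port or low-high range (1..65535)      ACTION: accept|reject|drop
rich_rule() {
    family=$1; direction=$2; addr=$3; proto=$4; port=$5; action=$6
    case $family in ipv4|ipv6) ;; *) echo "bad family: $family" >&2; return 1 ;; esac
    case $direction in source|destination) ;; *) echo "bad direction: $direction" >&2; return 1 ;; esac
    case $proto in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case $action in accept|reject|drop) ;; *) echo "bad action: $action" >&2; return 1 ;; esac
    [ -n "$addr" ] || { echo "empty address" >&2; return 1; }
    # A port may be "23" or "23-50"; every number must be numeric and within 1..65535.
    lo=${port%-*}; hi=${port#*-}
    for p in "$lo" "$hi"; do
        case $p in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }
    done
    [ "$lo" -le "$hi" ] || { echo "inverted range: $port" >&2; return 1; }
    printf 'rule family="%s" %s address="%s" port protocol="%s" port="%s" %s\n' \
        "$family" "$direction" "$addr" "$proto" "$port" "$action"
}

# apply_rich_rule add|remove RULE
# Writes the rule to the permanent configuration and reloads so it takes effect,
# or only prints both commands when DRY_RUN=1 (assumed helper switch).
apply_rich_rule() {
    op=$1; rule=$2
    case $op in add|remove) ;; *) echo "bad op: $op" >&2; return 1 ;; esac
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf "firewall-cmd --permanent --%s-rich-rule='%s'\n" "$op" "$rule"
        printf 'firewall-cmd --reload\n'
        return 0
    fi
    firewall-cmd --permanent "--$op-rich-rule=$rule" && firewall-cmd --reload
}

# Demo with the note's own rule; runs only when DRY_RUN=1 so nothing is changed.
if [ "${DRY_RUN:-0}" = 1 ]; then
    apply_rich_rule remove "$(rich_rule ipv4 source 192.168.200.141 tcp 23 drop)"
fi
```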
Check environment | | | |
OS | Ubuntu 16.04 (64bit) | CPU | Intel i7-4710MQ 2.50GHz |
SHELL | GNU bash (4.3.48) | RAM | 1 GB |