Product SiteDocumentation Site

3.7.13.3. View the firewall settings using the CLI

To get a text display of the state of firewalld, enter the following command:
~]$  firewall-cmd --state
To view the list of active zones, with a list of the interfaces currently assigned to them, enter the following command:
~]$  firewall-cmd --get-active-zones
    public: em1 wlan0
To find out the zone that an interface, for example em1, is currently assigned to, enter the following command:
~]$  firewall-cmd --get-zone-of-interface=em1
public
To find out all the interfaces assigned to a zone, for example the public zone, enter the following command as root:
~]# firewall-cmd --zone=public --list-interfaces
     em1 wlan0
This information is obtained from NetworkManager and only shows interfaces not connections.
To find out all the settings of a zone, for example the public zone, enter the following command as root:
~]# firewall-cmd --zone=public --list-all
public
  interfaces: 
  services: mdns dhcpv6-client ssh
  ports: 
  forward-ports: 
  icmp-blocks: source-quench
To view the network zones currently active, enter the following command as root:
~]# firewall-cmd --get-service
    cluster-suite pop3s bacula-client smtp ipp radius bacula ftp mdns samba dhcpv6-client dns openvpn imaps samba-client http https ntp vnc-server telnet libvirt ssh ipsec ipp-client amanda-client tftp-client nfs tftp libvirt-tls
This will list the names of the services in /usr/lib/firewalld/services/. Note that the configuration files themselves are named service-name.xml.
To view the network zones that will be active after the next firewall reload, enter the following command as root:
~]# firewall-cmd --get-service --permanent