3.7.13.3. View the firewall settings using the CLI
To get a text display of the state of
firewalld
, enter the following command:
~]$ firewall-cmd --state
To view the list of active zones, with a list of the interfaces currently assigned to them, enter the following command:
~]$ firewall-cmd --get-active-zones
public: em1 wlan0
To find out the zone that an interface, for example
em1, is currently assigned to, enter the following command:
~]$ firewall-cmd --get-zone-of-interface=em1
public
To find out all the interfaces assigned to a zone, for example the public zone, enter the following command as root:
~]# firewall-cmd --zone=public --list-interfaces
em1 wlan0
This information is obtained from
NetworkManager and only shows interfaces not connections.
To find out all the settings of a zone, for example the public zone, enter the following command as root:
~]# firewall-cmd --zone=public --list-all
public
interfaces:
services: mdns dhcpv6-client ssh
ports:
forward-ports:
icmp-blocks: source-quench
To view the network zones currently active, enter the following command as root:
~]# firewall-cmd --get-service
cluster-suite pop3s bacula-client smtp ipp radius bacula ftp mdns samba dhcpv6-client dns openvpn imaps samba-client http https ntp vnc-server telnet libvirt ssh ipsec ipp-client amanda-client tftp-client nfs tftp libvirt-tls
This will list the names of the services in
/usr/lib/firewalld/services/
. Note that the configuration files themselves are named
service-name.xml
.
To view the network zones that will be active after the next firewall reload, enter the following command as root:
~]# firewall-cmd --get-service --permanent