Jump to content

firewall-cmd

From RaySoft

firewall-cmd is the command line client of the firewalld daemon. It provides an interface to manage the runtime and permanent configurations.[1]

The runtime configuration in firewalld is separated from the permanent configuration. This means that things can get changed in the runtime or permanent configuration.[1]

Documentation

Syntax

firewall-cmd [PARAMETER ...]

Parameters

Status Options
--runtime-to-permanent
Save active runtime configuration and overwrite permanent configuration with it. The way this is supposed to work is that when configuring firewalld you do runtime changes only and once you're happy with the configuration and you tested that it works the way you want, you save the configuration to disk.
Service Options
--list-services
List services added as a space separated list.
--remove-service=SERVICE
Remove a SERVICE. This option can be specified multiple times.
Options to Adapt and Query Zones and Policies
--list-ports
List ports added as a space separated list. A port is of the form PORT[-PORT]/PROTOCOL, it can be either a port and protocol pair or a port range with a protocol.
--remove-port=PORT[-PORT]/PROTOCOL
Remove the PORT. This option can be specified multiple times.

References

  1. 1.0 1.1 Project contributors. "firewall-cmd." firewalld project. https://firewalld.org/documentation/man-pages/firewall-cmd.html (accessed 31.07.2025)