firewall-cmd

firewall-cmd is the command line client of the firewalld daemon. It provides an interface to manage the runtime and permanent configurations.^[1]

The runtime configuration in firewalld is separated from the permanent configuration. This means that things can get changed in the runtime or permanent configuration.^[1]

firewalld Project Homepage [EN]

Documentation

man 1 'firewall-cmd' [EN]

Syntax

firewall-cmd [PARAMETER ...]

Parameters

Status Options

--runtime-to-permanent: Save active runtime configuration and overwrite permanent configuration with it. The way this is supposed to work is that when configuring firewalld you do runtime changes only and once you're happy with the configuration and you tested that it works the way you want, you save the configuration to disk.

Service Options

--list-services: List services added as a space separated list.
--remove-service=SERVICE: Remove a SERVICE. This option can be specified multiple times.

Options to Adapt and Query Zones and Policies

--list-ports: List ports added as a space separated list. A port is of the form PORT[-PORT]/PROTOCOL, it can be either a port and protocol pair or a port range with a protocol.
--remove-port=PORT[-PORT]/PROTOCOL: Remove the PORT. This option can be specified multiple times.

References

↑ ^1.0 ^1.1 Project contributors. "firewall-cmd." firewalld project. https://firewalld.org/documentation/man-pages/firewall-cmd.html (accessed 31.07.2025)

[project-1] 1.0 ^1.1 Project contributors. "firewall-cmd." firewalld project. https://firewalld.org/documentation/man-pages/firewall-cmd.html (accessed 31.07.2025)

[1]