
firewall-cmd

Add firewall rules

  • Install the firewalld package.

    sudo dnf install -y firewalld
    
  • Enable firewalld so it starts on server startup, then start it now.

    sudo systemctl enable firewalld
    sudo systemctl start firewalld
    
  • Configure the firewall rules (--permanent writes them to the persistent configuration; --reload applies them to the running firewall).

    sudo firewall-cmd --zone=public --permanent --add-service=http
    sudo firewall-cmd --zone=public --permanent --add-service=https
    sudo firewall-cmd --zone=public --add-service=pop3 --permanent
    sudo firewall-cmd --zone=public --add-service=pop3s --permanent
    sudo firewall-cmd --zone=public --add-service=smtp --permanent
    sudo firewall-cmd --zone=public --add-service=smtps --permanent
    sudo firewall-cmd --zone=public --add-service=imap --permanent
    sudo firewall-cmd --zone=public --add-service=imaps --permanent
    sudo firewall-cmd --reload
    
  • Validate the result by checking the configured firewall rules.

    sudo firewall-cmd --zone=public --list-all
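
    The check below is an added example, not part of the original page: it reads the "services:" line of the --list-all output above, reports any of the services the steps open that are missing, and lists services the procedure did not ask for. The sample output is constructed; EXPECTED_SERVICES and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original page): validate the public zone's
# service list from `firewall-cmd --zone=public --list-all` output.

# Services the procedure above adds to the public zone.
EXPECTED_SERVICES="http https pop3 pop3s smtp smtps imap imaps"

# Constructed sample output (assumption: a real host may list other services).
SAMPLE_LIST_ALL='public (active)
  target: default
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client http https imap imaps pop3 pop3s smtp smtps ssh
  ports:
  rich rules:'

# Print the space-separated service list from --list-all output read on stdin.
zone_services() {
    sed -n 's/^[[:space:]]*services:[[:space:]]*//p'
}

# Print each expected service that is missing from the zone, one per line.
missing_services() {
    have=$(printf '%s\n' "$1" | zone_services)
    for svc in $EXPECTED_SERVICES; do
        case " $have " in *" $svc "*) ;; *) echo "$svc" ;; esac
    done
}

# Print each service in the zone that is not in the expected set, one per line.
unexpected_services() {
    for svc in $(printf '%s\n' "$1" | zone_services); do
        case " $EXPECTED_SERVICES " in *" $svc "*) ;; *) echo "$svc" ;; esac
    done
}

# Succeed (exit 0) only when every expected service is present in the zone.
check_zone() {
    [ -z "$(missing_services "$1")" ]
}

# Stand-alone run against the sample; on a real host pipe in
# `sudo firewall-cmd --zone=public --list-all` instead.
if check_zone "$SAMPLE_LIST_ALL"; then
    echo "all expected services are open"
else
    echo "missing services:"; missing_services "$SAMPLE_LIST_ALL"
fi
echo "services outside the expected set (review whether each is needed):"
unexpected_services "$SAMPLE_LIST_ALL"
```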
    

FirewallD zone target

The packet's source address and incoming interface determine which zone applies; the zone's target then decides what happens to traffic that no rule in the zone matches.

  • default: drops everything that is not explicitly allowed; behaves like REJECT, except that ICMP is explicitly allowed
  • ACCEPT: used in the trusted zone; every packet is accepted, and all settings except interface and source are ignored
  • %%REJECT%%: used in the block zone; every packet is rejected with the default firewalld reject type, and all settings except interface and source are ignored
  • DROP: used in the drop zone; every packet is dropped, and all settings except interface and source are ignored