Firewalld Cheatsheet
On Linux, iptables / nftables provide kernel-level control over IP routing and packet filtering. iptables rules are non-persistent (they do not survive a reboot). ufw builds upon iptables and provides a user-friendly interface for configuration. And then there is the alternative front end, firewalld.
Here’s a cheat sheet for working with firewalld:
systemctl status firewalld # Check if firewalld is enabled
firewall-cmd --state # Check if firewalld is running
firewall-cmd --list-ports # Check if the port is already whitelisted
firewall-cmd --list-services # Check for whitelisted services
firewall-cmd --get-services # Lists the out-of-the-box known services
firewall-cmd --add-port=27017/tcp # Add the MongoDB port to the whitelist (runtime)
firewall-cmd --runtime-to-permanent # Make it permanent
#firewall-cmd --add-port=27017/tcp --permanent # Alternative: write only to the permanent config
# With --permanent, the runtime config is not affected - use --reload for the change to take effect
firewall-cmd --reload # Reload the config
firewall-cmd --list-ports # Check if the port is whitelisted
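Because a runtime-only rule vanishes at reboot and a permanent-only rule is inactive until --reload, it helps to diff the two lists. The following is an added example, not part of the original cheat sheet; port_drift and in_list are helper names chosen here, and the live invocation at the bottom assumes firewall-cmd is in PATH.

```sh
#!/bin/sh
# Added example: compare firewalld's runtime and permanent port lists so that
# rules added only at runtime (lost at reboot) or only permanently (not active
# until --reload) become visible.

# in_list WORD "WORD1 WORD2 ..." -> returns 0 if WORD is in the list
in_list() {
  needle="$1"
  list="$2"
  for item in $list; do
    [ "$item" = "$needle" ] && return 0
  done
  return 1
}

# port_drift "RUNTIME_LIST" "PERMANENT_LIST"
# Prints one line per mismatch:
#   runtime-only PORT    (open now, gone after reboot or --reload)
#   permanent-only PORT  (saved, but not active until --reload)
# Returns 0 when both lists match, 1 when any drift was found.
port_drift() {
  runtime="$1"
  permanent="$2"
  drift=0
  for p in $runtime; do
    in_list "$p" "$permanent" || { echo "runtime-only $p"; drift=1; }
  done
  for p in $permanent; do
    in_list "$p" "$runtime" || { echo "permanent-only $p"; drift=1; }
  done
  return $drift
}

# Live use on a host running firewalld (assumes firewall-cmd is in PATH and
# the caller may query it). Constructed sample lists are used in the test.
#   port_drift "$(firewall-cmd --list-ports)" "$(firewall-cmd --permanent --list-ports)"
```

A non-zero exit with "runtime-only 27017/tcp" means the MongoDB port was added without --runtime-to-permanent and will close on reboot.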
For setting up a listener to test the above…
sudo yum install -y nmap telnet
nc -l 27017 #On the listening server
telnet <hostname> 27017 #From another server
firewall-cmd --add-service=mongodb #Allow the connection to port 27017 via the predefined mongodb service