Firewalld

netfilter is a framework for network traffic operations such as packet filtering, network address translation and port translation. The Linux kernel also includes nftables, a new filter and packet classification subsystem.

Firewalld is a dynamic firewall manager, a front end to the nftables framework.

Firewalld has pre-defined zones, each of which you can customize. Default configuration zones include trusted, home, internal, work, public, external, dmz, block and drop.

The firewalld service is controlled by systemd:

systemctl stop firewalld
systemctl start firewalld
systemctl status firewalld

Firewalld ships with several pre-defined services; the essential one is ssh, which is allowed in the public zone by default so that remote administration keeps working.

Use the firewall-cmd command-line tool to configure firewall rules.

Examples:

firewall-cmd --get-default-zone
firewall-cmd --set-default-zone=public

firewall-cmd --permanent --add-service=ftp --zone=public
firewall-cmd --permanent --add-service=http --zone=public
firewall-cmd --permanent --add-service=ntp --zone=public
firewall-cmd --permanent --add-port=8080/tcp --zone=public

firewall-cmd --reload

firewall-cmd --list-all
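Once the rules are reloaded, the open question is whether the zone now exposes only what policy allows. The following POSIX shell audit is an added example, not code from the original page: it parses the `services:` and `ports:` fields of `firewall-cmd --list-all` output and reports anything outside an allowlist. The listing is a constructed sample of what the commands above would produce, and the allowlist values are assumed.

```shell
#!/bin/sh
# Constructed sample of `firewall-cmd --zone=public --list-all` output, as it
# would look after the permanent rules above were added and reloaded.
SAMPLE_LIST_ALL='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ftp http ntp ssh
  ports: 8080/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# zone_field LISTING FIELD: print the values of one field of the listing
# (e.g. "services" or "ports"), space separated; empty if the field is empty.
zone_field() {
    printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { $1 = ""; sub(/^ /, ""); print }'
}

# zone_unexpected LISTING ALLOWED_SERVICES ALLOWED_PORTS: print one line per
# service or port that is open in the zone but absent from the allowlists.
# Returns 0 when the zone exposes nothing beyond the allowlists, 1 otherwise.
zone_unexpected() {
    listing=$1 allowed_services=$2 allowed_ports=$3 found=0
    for s in $(zone_field "$listing" services); do
        case " $allowed_services " in
            *" $s "*) ;;
            *) echo "service $s"; found=1 ;;
        esac
    done
    for p in $(zone_field "$listing" ports); do
        case " $allowed_ports " in
            *" $p "*) ;;
            *) echo "port $p"; found=1 ;;
        esac
    done
    return $found
}

# Assumed policy for this host: ssh, http, ntp, the dhcpv6 client and 8080/tcp.
# The ftp service added above is not in the policy, so it is reported.
if zone_unexpected "$SAMPLE_LIST_ALL" "dhcpv6-client http ntp ssh" "8080/tcp"; then
    echo "public zone matches policy"
fi
```

On a live host, replace the constructed sample with `$(firewall-cmd --zone=public --list-all)` and run the check after every `firewall-cmd --reload`.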

Summary

The netfilter subsystem allows kernel modules to inspect every packet traversing the system: all incoming, outgoing and forwarded network packets are inspected. Firewalld simplifies management by classifying all network traffic into zones, each with its own list of allowed ports and services. The public zone is the default zone. The firewalld service has several pre-defined services, which can be listed with the firewall-cmd --get-services command.

Command References:

firewall-cmd, firewalld