Ever found yourself in a situation where you need to understand the ruleset of your firewall, but the interface seems daunting? Fear not, as the Linux command-line tool 'firewall-cmd' is here to simplify your life. One of its most powerful features is the ability to list all the rules currently active in your firewall, which we'll explore in this guide.

Before we dive in, let's quickly understand what 'firewall-cmd' is. It's a command-line utility that provides a dynamic way to manage your firewall settings. It's particularly useful for managing iptables rules on systems that use firewalld, a firewall management system used in many Linux distributions.

Understanding the 'list ruleset' Command
The 'list ruleset' command is a core feature of 'firewall-cmd' that allows you to view all the rules currently active in your firewall. It provides a comprehensive overview of your firewall's settings, helping you understand what traffic is allowed or denied.

But why is this command so important? Knowing your firewall ruleset is crucial for network security. It helps you identify any potential security loopholes, understand which services are exposed to the network, and ensure that your firewall is configured correctly.
Basic Syntax and Usage

The basic syntax of the 'list ruleset' command is quite simple:
firewall-cmd --list-all-zones
This command lists all the rules for all zones. Zones in firewalld are a way to group rules based on the network interface they apply to. The most common zones are 'public', 'internal', and 'home'.

Viewing Rules for a Specific Zone
If you want to view the rules for a specific zone, you can do so by specifying the zone name:
firewall-cmd --list-all --zone=public

This command will list all the rules for the 'public' zone.
Interpreting the Output


















Now that you know how to use the 'list ruleset' command, let's understand how to interpret its output. The output is a list of rules, with each rule consisting of several fields:
Rule Fields
Each rule has the following fields:
- Service: The service for which the rule applies. This could be a predefined service like 'ssh' or a custom service.
- Source: The source IP address or range for which the rule applies.
- Port: The port number for which the rule applies. If not specified, the rule applies to all ports for the given service.
- Protocol: The protocol for which the rule applies. This could be 'tcp', 'udp', or 'all'.
- Action: The action to take when the rule matches. This could be 'accept' (allow traffic) or 'deny' (block traffic).
Here's an example of what the output might look like:
public (active) target: default icmp-block-inversion: no interfaces: eth0 sources: services: dhcpv6-client ports: 53/udp protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
In this example, the rule allows incoming traffic on UDP port 53 for the 'dhcpv6-client' service from any source IP address.
Understanding Zone Targets
Each zone has a 'target' which determines the default policy for traffic that doesn't match any rules. The most common targets are:
- default: Deny incoming traffic and accept outgoing traffic.
- drop: Deny both incoming and outgoing traffic.
- accept: Accept both incoming and outgoing traffic.
Understanding the zone target is crucial as it provides the default policy for your firewall.
Managing Firewall Rules
Now that you understand how to list your firewall rules, let's briefly discuss how to manage them. 'firewall-cmd' provides a wide range of commands for adding, removing, and modifying rules. Some of the most common commands include:
Adding a Rule
To add a rule, you can use the 'firewall-cmd --add-rule' command. For example, to add a rule that allows incoming SSH traffic from any source IP address, you would use:
firewall-cmd --add-service=ssh --permanent --zone=public
Removing a Rule
To remove a rule, you can use the 'firewall-cmd --remove-rule' command. For example, to remove the SSH rule we added earlier, you would use:
firewall-cmd --remove-service=ssh --permanent --zone=public
Remember, changes made with the '--permanent' option will only take effect after you reload the firewall with 'firewall-cmd --reload'.
Understanding and managing your firewall ruleset is a critical aspect of network security. The 'firewall-cmd list ruleset' command is an invaluable tool for this purpose. Whether you're a seasoned Linux user or just starting out, mastering this command will greatly enhance your ability to manage your firewall effectively.
So, go ahead, explore your firewall ruleset, and stay secure!