Firewall Ruleset: List with firewall-cmd

Ever found yourself in a situation where you need to understand the ruleset of your firewall, but the interface seems daunting? Fear not, as the Linux command-line tool 'firewall-cmd' is here to simplify your life. One of its most powerful features is the ability to list all the rules currently active in your firewall, which we'll explore in this guide.

Home Network Firewall Rules: Minimal Allow/Block List That Still Works
Home Network Firewall Rules: Minimal Allow/Block List That Still Works

Before we dive in, let's quickly understand what 'firewall-cmd' is. It's a command-line utility that provides a dynamic way to manage your firewall settings. It's particularly useful for managing iptables rules on systems that use firewalld, a firewall management system used in many Linux distributions.

the fortgate firewall commands poster
the fortgate firewall commands poster

Understanding the 'list ruleset' Command

The 'list ruleset' command is a core feature of 'firewall-cmd' that allows you to view all the rules currently active in your firewall. It provides a comprehensive overview of your firewall's settings, helping you understand what traffic is allowed or denied.

the firewall testing checklist is shown in this screenshote screengrafion
the firewall testing checklist is shown in this screenshote screengrafion

But why is this command so important? Knowing your firewall ruleset is crucial for network security. It helps you identify any potential security loopholes, understand which services are exposed to the network, and ensure that your firewall is configured correctly.

Basic Syntax and Usage

the firewall testing checklist is displayed in this screenshote screen graber
the firewall testing checklist is displayed in this screenshote screen graber

The basic syntax of the 'list ruleset' command is quite simple:

firewall-cmd --list-all-zones

This command lists all the rules for all zones. Zones in firewalld are a way to group rules based on the network interface they apply to. The most common zones are 'public', 'internal', and 'home'.

a white piece of paper with writing on it and an image of a firewall diagram
a white piece of paper with writing on it and an image of a firewall diagram

Viewing Rules for a Specific Zone

If you want to view the rules for a specific zone, you can do so by specifying the zone name:

firewall-cmd --list-all --zone=public

Firewall Explained 🔥🛡️ | How It Protects Your Computer & Network
Firewall Explained 🔥🛡️ | How It Protects Your Computer & Network

This command will list all the rules for the 'public' zone.

Interpreting the Output

Advanced Firewall Configurations with ipset
Advanced Firewall Configurations with ipset
the internet and firewalls diagram shows how to use it in different areas of the world
the internet and firewalls diagram shows how to use it in different areas of the world
Types of Firewalls Explained: Every Computer Science Student Must Know
Types of Firewalls Explained: Every Computer Science Student Must Know
Firewall Explained: What Every Computer Science Student Must Know
Firewall Explained: What Every Computer Science Student Must Know
the router versus switch vs firewall info poster is shown in red and blue
the router versus switch vs firewall info poster is shown in red and blue
what is a firewall? info sheet with instructions on how to use the internet
what is a firewall? info sheet with instructions on how to use the internet
the router and firewall diagram is shown in red, white, and blue
the router and firewall diagram is shown in red, white, and blue
the real - time firewall troubleshooting checklist is shown in this screenshot
the real - time firewall troubleshooting checklist is shown in this screenshot
the firewall explanation is shown in this graphic above it's instructions for how to use
the firewall explanation is shown in this graphic above it's instructions for how to use
R-FILES | RDCTD
R-FILES | RDCTD
Linux Cheat Sheet
Linux Cheat Sheet
Linux Commands Cheat Sheet for Hackers & Developers (Must Know)🔥🚀
Linux Commands Cheat Sheet for Hackers & Developers (Must Know)🔥🚀
a blue and black poster with many different types of internet devices on it's sides
a blue and black poster with many different types of internet devices on it's sides
Commandes CMD Windows essentielles que vous devez connaître
Commandes CMD Windows essentielles que vous devez connaître
the top map commands are displayed in green and blue colors, with text below it
the top map commands are displayed in green and blue colors, with text below it
#itsupport #cmd #techtips #windowssupport | Badre Nagim
#itsupport #cmd #techtips #windowssupport | Badre Nagim
a black and white map with the names of different types of commands on it's side
a black and white map with the names of different types of commands on it's side
an info sheet with many different types of information on the page and numbers in each section
an info sheet with many different types of information on the page and numbers in each section

Now that you know how to use the 'list ruleset' command, let's understand how to interpret its output. The output is a list of rules, with each rule consisting of several fields:

Rule Fields

Each rule has the following fields:

  • Service: The service for which the rule applies. This could be a predefined service like 'ssh' or a custom service.
  • Source: The source IP address or range for which the rule applies.
  • Port: The port number for which the rule applies. If not specified, the rule applies to all ports for the given service.
  • Protocol: The protocol for which the rule applies. This could be 'tcp', 'udp', or 'all'.
  • Action: The action to take when the rule matches. This could be 'accept' (allow traffic) or 'deny' (block traffic).

Here's an example of what the output might look like:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client
  ports: 53/udp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

In this example, the rule allows incoming traffic on UDP port 53 for the 'dhcpv6-client' service from any source IP address.

Understanding Zone Targets

Each zone has a 'target' which determines the default policy for traffic that doesn't match any rules. The most common targets are:

  • default: Deny incoming traffic and accept outgoing traffic.
  • drop: Deny both incoming and outgoing traffic.
  • accept: Accept both incoming and outgoing traffic.

Understanding the zone target is crucial as it provides the default policy for your firewall.

Managing Firewall Rules

Now that you understand how to list your firewall rules, let's briefly discuss how to manage them. 'firewall-cmd' provides a wide range of commands for adding, removing, and modifying rules. Some of the most common commands include:

Adding a Rule

To add a rule, you can use the 'firewall-cmd --add-rule' command. For example, to add a rule that allows incoming SSH traffic from any source IP address, you would use:

firewall-cmd --add-service=ssh --permanent --zone=public

Removing a Rule

To remove a rule, you can use the 'firewall-cmd --remove-rule' command. For example, to remove the SSH rule we added earlier, you would use:

firewall-cmd --remove-service=ssh --permanent --zone=public

Remember, changes made with the '--permanent' option will only take effect after you reload the firewall with 'firewall-cmd --reload'.

Understanding and managing your firewall ruleset is a critical aspect of network security. The 'firewall-cmd list ruleset' command is an invaluable tool for this purpose. Whether you're a seasoned Linux user or just starting out, mastering this command will greatly enhance your ability to manage your firewall effectively.

So, go ahead, explore your firewall ruleset, and stay secure!