FirewallD, a firewall solution for Linux systems, provides a dynamic and manageable way to set up and control firewall rules. One of its key features is the ability to list rules, which allows system administrators to understand and manage their firewall settings effectively. In this article, we will delve into the process of listing rules using FirewallD, its syntax, and the wealth of information it provides.

Before we dive into the specifics, let's briefly understand why listing rules is crucial. Firewall rules are the backbone of network security, controlling incoming and outgoing traffic based on predefined security parameters. Listing these rules enables administrators to verify the current firewall configuration, troubleshoot issues, and ensure that the system's security posture aligns with organizational policies.

Understanding FirewallD Rule Syntax
FirewallD uses a specific syntax to define rules. Understanding this syntax is crucial for listing and managing rules effectively. The basic syntax for a rule is as follows:

firewall-cmd --permanent --zone=zone --add-rule protocol service source port destination port
Here's a breakdown of the syntax:

firewall-cmd: The command-line tool for FirewallD.--permanent: Specifies that the rule should be added to the permanent configuration.--zone=zone: Specifies the zone to which the rule applies. Zones are used to group rules based on trust levels.--add-rule: Tells FirewallD to add a new rule.protocol: The protocol used for the connection, such as tcp, udp, or icmp.service: The service associated with the rule, like ssh, http, or dns.source: The source IP address or range for the rule.port: The port number for the rule.
Listing Rules with FirewallD
Now that we understand the basic syntax, let's look at how to list rules using FirewallD. The command to list rules is straightforward:

firewall-cmd --list-all-zones --permanent
This command lists all rules in all zones, including the permanent configuration. If you want to list rules for a specific zone, you can use the following command:
firewall-cmd --list-all --zone=zone --permanent

Here, replace zone with the name of the zone you're interested in, such as public, internal, or dmz.
Interpreting the Output




















When you run the firewall-cmd --list-all-zones --permanent command, you'll see output similar to the following:
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client
ports: 22/tcp
protocols:
forward-ports:
source-ports:
icmp-blocks:
rich rules:
The output provides a wealth of information about the firewall rules. It includes the active zone, the target policy, the interfaces associated with the zone, the sources and services allowed, and any custom rules defined.
Managing Rules with FirewallD
Listing rules is just one aspect of managing firewall settings with FirewallD. The tool also allows you to add, remove, and modify rules, as well as reload the firewall configuration to apply changes immediately.
Adding Rules
To add a rule, you can use the --add-rule option with the firewall-cmd command. For example, to add a rule allowing SSH connections from any source, you would use:
firewall-cmd --permanent --zone=public --add-service=ssh
This command adds a rule to the permanent configuration for the public zone, allowing SSH connections from any source.
Removing Rules
To remove a rule, you can use the --remove-rule option. For example, to remove the SSH rule we added earlier, you would use:
firewall-cmd --permanent --zone=public --remove-service=ssh
This command removes the SSH rule from the permanent configuration for the public zone.
In conclusion, understanding and managing firewall rules is a critical aspect of network security. FirewallD's ability to list rules provides system administrators with a powerful tool for verifying and managing their firewall settings. By leveraging FirewallD's command-line interface and understanding its syntax, administrators can ensure that their systems are protected by a robust and effective firewall.