Securing your Red Hat Enterprise Linux (RHEL) system involves managing firewall rules effectively. RHEL provides a robust firewall service called firewalld, which uses iptables under the hood. Understanding and managing firewall rules is crucial for maintaining a secure environment. Let's delve into the essential commands and rules for managing your RHEL firewall.

Before we begin, ensure that the firewalld service is active and enabled. You can check its status with the following command:

Understanding Firewalld Zones
In RHEL, firewalld uses zones to define the trust level of network interfaces. Understanding these zones is crucial for creating effective firewall rules.

To list the available zones, use the following command:
Listing Available Zones

The command `firewall-cmd --get-zones` displays the list of predefined zones:
- drop: Drops all incoming traffic.
- block: Rejects incoming traffic with an icmp-host-prohibited message.
- public: Trusts no one. Only selected services are allowed.
- external: Similar to public, but assumes that network traffic is routed through a router.
- internal: Trusts the local network. All traffic is allowed except that explicitly blocked.
- work: Trusts the local network and selected services. All traffic is allowed except that explicitly blocked.
- dmz: Trusts the local network and selected services. All traffic is allowed except that explicitly blocked.
Viewing Current Zone

The command `firewall-cmd --get-active-zones` displays the current zone for each network interface:
For example:
$ firewall-cmd --get-active-zones public interfaces: ens33
Managing Firewall Rules

Now that we understand the zones, let's explore how to manage firewall rules.
To list all configured rules, use the following command:



















Listing All Configured Rules
The command `firewall-cmd --list-all` displays all configured rules, including services, ports, and masquerade settings:
Adding a Rule
To add a new rule, use the `firewall-cmd --permanent` command followed by the rule you want to add. For example, to allow incoming traffic on port 8080, use:
`firewall-cmd --permanent --zone=public --add-port=8080/tcp`
To make the rule effective immediately, run `firewall-cmd --reload` or `systemctl reload firewalld`.
Removing a Rule
To remove a rule, use the `firewall-cmd --permanent` command followed by the rule you want to remove. For example, to remove the rule that allows incoming traffic on port 8080, use:
`firewall-cmd --permanent --zone=public --remove-port=8080/tcp`
Again, to make the change effective immediately, run `firewall-cmd --reload` or `systemctl reload firewalld`.
Adding a Service
To allow traffic for a specific service, use the `firewall-cmd --permanent` command followed by the service name. For example, to allow traffic for the ssh service, use:
`firewall-cmd --permanent --zone=public --add-service=ssh`
Removing a Service
To remove a service, use the `firewall-cmd --permanent` command followed by the service name. For example, to remove the ssh service, use:
`firewall-cmd --permanent --zone=public --remove-service=ssh`
Regularly reviewing and managing your firewall rules is essential for maintaining a secure RHEL system. Stay vigilant, and always follow best practices for securing your systems.
To stay informed about the latest security updates and best practices, consider subscribing to the official Red Hat Enterprise Linux mailing lists and following the official Red Hat Blog. Happy securing!