RHEL Firewall: List Rules via Command

Securing your Red Hat Enterprise Linux (RHEL) system involves managing firewall rules effectively. RHEL provides a robust firewall service called firewalld, which uses iptables under the hood. Understanding and managing firewall rules is crucial for maintaining a secure environment. Let's delve into the essential commands and rules for managing your RHEL firewall.

R-FILES | RDCTD
R-FILES | RDCTD

Before we begin, ensure that the firewalld service is active and enabled. You can check its status with the following command:

Advanced Firewall Configurations with ipset
Advanced Firewall Configurations with ipset

Understanding Firewalld Zones

In RHEL, firewalld uses zones to define the trust level of network interfaces. Understanding these zones is crucial for creating effective firewall rules.

the fortgate firewall commands poster
the fortgate firewall commands poster

To list the available zones, use the following command:

Listing Available Zones

a white piece of paper with writing on it and an image of a firewall diagram
a white piece of paper with writing on it and an image of a firewall diagram

The command `firewall-cmd --get-zones` displays the list of predefined zones:

  1. drop: Drops all incoming traffic.
  2. block: Rejects incoming traffic with an icmp-host-prohibited message.
  3. public: Trusts no one. Only selected services are allowed.
  4. external: Similar to public, but assumes that network traffic is routed through a router.
  5. internal: Trusts the local network. All traffic is allowed except that explicitly blocked.
  6. work: Trusts the local network and selected services. All traffic is allowed except that explicitly blocked.
  7. dmz: Trusts the local network and selected services. All traffic is allowed except that explicitly blocked.

Viewing Current Zone

Firewall Explained: What Every Computer Science Student Must Know
Firewall Explained: What Every Computer Science Student Must Know

The command `firewall-cmd --get-active-zones` displays the current zone for each network interface:

For example:

$ firewall-cmd --get-active-zones
public
  interfaces: ens33

Managing Firewall Rules

the internet and firewalls diagram shows how to use it in different areas of the world
the internet and firewalls diagram shows how to use it in different areas of the world

Now that we understand the zones, let's explore how to manage firewall rules.

To list all configured rules, use the following command:

the router and firewall diagram is shown in red, white, and blue
the router and firewall diagram is shown in red, white, and blue
an orange background with some type of text and numbers in black on the bottom right corner
an orange background with some type of text and numbers in black on the bottom right corner
a poster with the words curl command chat sheet in blue and green font on it
a poster with the words curl command chat sheet in blue and green font on it
the word rules is written in red on a black background with grungy edges
the word rules is written in red on a black background with grungy edges
a poster with instructions on how to use the internet
a poster with instructions on how to use the internet
networking ports
networking ports
a screenshot of a web page with text
a screenshot of a web page with text
a poster with instructions on how to use the router commands for your home or business
a poster with instructions on how to use the router commands for your home or business
the diagram shows different types of networked devices
the diagram shows different types of networked devices
Networking fundamentals never go out of style. 🌐
Networking fundamentals never go out of style. 🌐
a poster with the words ccna on it and other information about what to use
a poster with the words ccna on it and other information about what to use
Linux Commands Cheat Sheet {with Free Downloadable PDF}
Linux Commands Cheat Sheet {with Free Downloadable PDF}
Must Follow Rules....
Must Follow Rules....
i had to😭😣
i had to😭😣
the instructions for switching commands are shown in this poster, which shows how to use them
the instructions for switching commands are shown in this poster, which shows how to use them
an info sheet with some information about the different types of status and features on it
an info sheet with some information about the different types of status and features on it
the rules for house rules in black and white
the rules for house rules in black and white
πŸ‘† Fastest Way To Learn Hacking in 2025
πŸ‘† Fastest Way To Learn Hacking in 2025
CYBERSECURITY ROADMAP (2026)
CYBERSECURITY ROADMAP (2026)

Listing All Configured Rules

The command `firewall-cmd --list-all` displays all configured rules, including services, ports, and masquerade settings:

Adding a Rule

To add a new rule, use the `firewall-cmd --permanent` command followed by the rule you want to add. For example, to allow incoming traffic on port 8080, use:

`firewall-cmd --permanent --zone=public --add-port=8080/tcp`

To make the rule effective immediately, run `firewall-cmd --reload` or `systemctl reload firewalld`.

Removing a Rule

To remove a rule, use the `firewall-cmd --permanent` command followed by the rule you want to remove. For example, to remove the rule that allows incoming traffic on port 8080, use:

`firewall-cmd --permanent --zone=public --remove-port=8080/tcp`

Again, to make the change effective immediately, run `firewall-cmd --reload` or `systemctl reload firewalld`.

Adding a Service

To allow traffic for a specific service, use the `firewall-cmd --permanent` command followed by the service name. For example, to allow traffic for the ssh service, use:

`firewall-cmd --permanent --zone=public --add-service=ssh`

Removing a Service

To remove a service, use the `firewall-cmd --permanent` command followed by the service name. For example, to remove the ssh service, use:

`firewall-cmd --permanent --zone=public --remove-service=ssh`

Regularly reviewing and managing your firewall rules is essential for maintaining a secure RHEL system. Stay vigilant, and always follow best practices for securing your systems.

To stay informed about the latest security updates and best practices, consider subscribing to the official Red Hat Enterprise Linux mailing lists and following the official Red Hat Blog. Happy securing!