systemd-firewalld

firewall-cmd

list all available zones

firewall-cmd --list-all-zones

Add a firewall rule to allow ssh traffic

This can be done with a service or by setting a specific port.

Adding the port

A reload is only necessary when --permanent is added. Without --permanent the setting exists only in the runtime configuration and won't survive a reboot or reload.

firewall-cmd --add-port 22/tcp --zone=public --permanent
firewall-cmd --reload

Adding the service

firewall-cmd --add-service=ssh
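
An added example (not part of the original notes): a check for the runtime/permanent split described above. It lists entries that exist in only one of the two configurations. The function names only_in, drift and check_zone and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent config.
# Function names and sample lists are constructed for illustration.

# only_in A B: print each word of list A that does not appear in list B.
only_in() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;                  # present in both lists
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# drift KIND RUNTIME PERMANENT: one line per entry that exists on one side only.
drift() {
    kind=$1; runtime=$2; permanent=$3
    for item in $(only_in "$runtime" "$permanent"); do
        echo "runtime-only $kind $item (lost on reload or reboot)"
    done
    for item in $(only_in "$permanent" "$runtime"); do
        echo "permanent-only $kind $item (not active until reload)"
    done
}

# check_zone ZONE: run the comparison against a live firewalld (usually needs root).
check_zone() {
    drift port "$(firewall-cmd --zone="$1" --list-ports)" \
               "$(firewall-cmd --permanent --zone="$1" --list-ports)"
    drift service "$(firewall-cmd --zone="$1" --list-services)" \
                  "$(firewall-cmd --permanent --zone="$1" --list-services)"
}

if [ "${1:-}" = "--live" ]; then
    check_zone "${2:-public}"
else
    # Constructed sample: 22/tcp added with --permanent but not yet reloaded,
    # ssh added without --permanent.
    drift port "" "22/tcp"
    drift service "dhcpv6-client ssh" "dhcpv6-client"
fi
```

Run it with --live and a zone name to compare the real configuration; without arguments it only prints the result for the constructed sample.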

file locations

Zone files are located in /usr/lib/firewalld/zones
Service files are located in /usr/lib/firewalld/services/

active zones

To see which zones are active, and for which interface, run:

firewall-cmd --get-active-zones

default zone

To check your default zone, run the following:

firewall-cmd --get-default-zone

Or run the following command and look at the first line:

firewall-cmd --list-all
public (default, active)
  target: default
  ingress-priority: 0
  egress-priority: 0
  icmp-block-inversion: no
  interfaces: enp0s13f0u1u4 tun0
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules: