Install and use firewalld on Ubuntu
This tutorial shows how to install and use firewalld. It works on Ubuntu 18.04, Ubuntu 16.04 and Ubuntu 20.04.
Install Firewalld
Firewalld is a Linux firewall management tool. It is available in Ubuntu's default repositories, so it can be installed from them with the apt packaging system.
Run apt update first to update the local repositories.
adm@admfactorytest:~$ sudo apt update
adm@admfactorytest:~$ sudo apt install firewalld
adm@admfactorytest:~$
Enable Firewalld
The first thing to do is enable firewalld so that it starts at boot. By default, it should already be enabled.
adm@admfactorytest:~$ sudo systemctl enable firewalld
Synchronizing state of firewalld.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable firewalld
adm@admfactorytest:~$
Start Firewalld
The next step is to start the service if it is not already started.
adm@admfactorytest:~$ sudo systemctl start firewalld
adm@admfactorytest:~$
Check Firewalld
To confirm that the service is running, execute the following command:
adm@admfactorytest:~$ sudo firewall-cmd --state
running
adm@admfactorytest:~$
Using Firewalld on Ubuntu
Once the installation is finished, it is time to move on to configuration. Here are a few commands that will help you use firewalld.
Checking all firewall rules configured
adm@admfactorytest:~$ sudo firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
adm@admfactorytest:~$
Note that these are the default settings. As you can see, the ssh service is enabled; otherwise, you would lose the ssh session to the server.
Firewalld list of all available services
If you want to see all available services that can be activated, run the following command.
adm@admfactorytest:~$ sudo firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bgp bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry docker-swarm dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master git high-availability http https imap imaps ipp ipp-client ipsec irc ircs iscsi-target kadmin kerberos kibana klogin kpasswd kprop kshell ldap ldaps libvirt libvirt-tls managesieve mdns minidlna mosh mountd ms-wbt mssql murmur mysql nfs nfs3 nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius redis rpc-bind rsh rsyncd samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server zabbix-agent zabbix-server
adm@admfactorytest:~$
Firewalld add new service
To add a new service, run the following command. This example adds the http service:
adm@admfactorytest:~$ sudo firewall-cmd --add-service=http --permanent
success
adm@admfactorytest:~$
You can also add multiple services at the same time by using curly brackets:
adm@admfactorytest:~$ sudo firewall-cmd --add-service={http,https} --permanent
success
adm@admfactorytest:~$
Firewalld add new TCP port
adm@admfactorytest:~$ sudo firewall-cmd --add-port=8080/tcp --permanent
success
adm@admfactorytest:~$
Firewalld add new UDP port
adm@admfactorytest:~$ sudo firewall-cmd --add-port=510/udp --permanent
success
adm@admfactorytest:~$
Firewalld reload the settings
adm@admfactorytest:~$ sudo firewall-cmd --reload
success
adm@admfactorytest:~$
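Rules added with --permanent are written to the permanent configuration and only become active after the reload shown above, while rules added without it are lost at the next reload. The script below is an added example, not part of the original tutorial: it compares the services and ports of the runtime and permanent configurations. The function name drift and the two sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): report drift between
# firewalld's runtime and permanent configuration for services and ports.

# drift RUNTIME_TEXT PERMANENT_TEXT
# Both arguments are the text printed by "firewall-cmd --list-all".
# Prints one line per difference:
#   pending-reload X  -> saved with --permanent, not active until --reload
#   runtime-only X    -> active now, but lost at the next reload or reboot
drift() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        BEGIN { side = "runtime" }
        $0 == "---" { side = "permanent"; next }
        $1 == "services:" || $1 == "ports:" {
            for (i = 2; i <= NF; i++) {
                key = $1 " " $i
                seen[side, key] = 1
                all[key] = 1
            }
        }
        END {
            for (key in all) {
                if (!(("runtime", key) in seen)) print "pending-reload " key
                else if (!(("permanent", key) in seen)) print "runtime-only " key
            }
        }' | LC_ALL=C sort
}

# Constructed sample: runtime state as in the default listing above.
RUNTIME_SAMPLE='public
  target: default
  services: ssh dhcpv6-client
  ports:
  source-ports:'

# Constructed sample: permanent state after the --permanent commands above.
PERMANENT_SAMPLE='public
  target: default
  services: ssh dhcpv6-client http https
  ports: 8080/tcp 510/udp
  source-ports:'

drift "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE"

# On a live host (requires firewalld):
#   drift "$(sudo firewall-cmd --list-all)" "$(sudo firewall-cmd --permanent --list-all)"
```

An empty result means the running firewall matches what will be loaded after the next reload or reboot.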