Install and use firewalld on Ubuntu

  • 11 May 2020
  • ADM

 


This tutorial shows how to install and use firewalld. It works on Ubuntu 18.04, Ubuntu 16.04 and Ubuntu 20.04.

Install Firewalld

Firewalld is one of the Linux firewall management tools. It is available in Ubuntu's default repositories, so it can be installed from them using the apt packaging system.

Run apt update first to refresh the local package index, then install the package.

adm@admfactorytest:~$ sudo apt update
adm@admfactorytest:~$ sudo apt install firewalld
adm@admfactorytest:~$ 

Enable Firewalld

The first thing to do is enable the firewalld service so that it starts at boot. By default, it should already be enabled.

adm@admfactorytest:~$ sudo systemctl enable firewalld
Synchronizing state of firewalld.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable firewalld
adm@admfactorytest:~$ 

Start Firewalld

The next step is to start the service if it is not already started.

adm@admfactorytest:~$ sudo systemctl start firewalld
adm@admfactorytest:~$ 

Check Firewalld

To confirm that the service is running, execute the following command:

adm@admfactorytest:~$ sudo firewall-cmd --state
running
adm@admfactorytest:~$ 

Using Firewalld on Ubuntu

After the installation is finished, it is time to move on to configuration. Here are a few commands that will help you use firewalld.

Checking all firewall rules configured

adm@admfactorytest:~$ sudo firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
adm@admfactorytest:~$ 

Note that these are the default settings. As you can see, the ssh service is enabled; otherwise, you would lose the ssh session to the server.

Firewalld list of all available services

If you want to see all available services that can be activated, run the following command.

adm@admfactorytest:~$ sudo firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bgp bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry docker-swarm dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master git high-availability http https imap imaps ipp ipp-client ipsec irc ircs iscsi-target kadmin kerberos kibana klogin kpasswd kprop kshell ldap ldaps libvirt libvirt-tls managesieve mdns minidlna mosh mountd ms-wbt mssql murmur mysql nfs nfs3 nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius redis rpc-bind rsh rsyncd samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server zabbix-agent zabbix-server
adm@admfactorytest:~$ 

Firewalld add new service

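To add a new service, run the following command. This example adds the http service. With --permanent the rule is written to the permanent configuration and becomes active after the reload shown at the end of this tutorial: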

adm@admfactorytest:~$ sudo firewall-cmd --add-service=http --permanent
success
adm@admfactorytest:~$ 

You can also add multiple services at the same time by using curly brackets, which the shell expands into one --add-service option per service:

adm@admfactorytest:~$ sudo firewall-cmd --add-service={http,https} --permanent
success
adm@admfactorytest:~$ 

Firewalld add new TCP port

adm@admfactorytest:~$ sudo firewall-cmd --add-port=8080/tcp --permanent
success
adm@admfactorytest:~$ 

Firewalld add new UDP port

adm@admfactorytest:~$ sudo firewall-cmd --add-port=510/udp --permanent
success
adm@admfactorytest:~$ 

Firewalld reload the settings

adm@admfactorytest:~$ sudo firewall-cmd --reload
success
adm@admfactorytest:~$ 
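
The following added example (not part of the original tutorial) checks the output of firewall-cmd --list-all against an allowlist, so that anything opened beyond the rules configured above stands out after a reload. The allowlist values, function names and sample zone text are assumptions constructed for illustration.

```shell
# Allowlist (assumption): the defaults plus the rules added in this tutorial.
ALLOWED_SERVICES="ssh dhcpv6-client http https"
ALLOWED_PORTS="8080/tcp 510/udp"

# zone_field FIELD: read --list-all text on stdin and print the values of one
# field, one per line. The match is anchored at the start of the trimmed line,
# so "ports" does not also pick up "forward-ports" or "source-ports".
zone_field() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 {
            sub(/^[^:]*:[ \t]*/, "", line)
            n = split(line, v, /[ \t]+/)
            for (i = 1; i <= n; i++) if (v[i] != "") print v[i]
        }'
}

# check_list KIND ALLOWED: read values on stdin, print those not in ALLOWED.
check_list() {
    local item rc=0
    while read -r item; do
        case " $2 " in
            *" $item "*) ;;
            *) echo "$1:$item"; rc=1 ;;
        esac
    done
    return "$rc"
}

# unexpected_entries: read --list-all text on stdin, print every service or
# port that is not allowlisted, and return 1 if any were found.
unexpected_entries() {
    local text rc=0
    text=$(cat)
    printf '%s\n' "$text" | zone_field services | check_list service "$ALLOWED_SERVICES" || rc=1
    printf '%s\n' "$text" | zone_field ports | check_list port "$ALLOWED_PORTS" || rc=1
    return "$rc"
}

# Constructed sample: the zone after this tutorial's rules, plus a stray
# telnet service and port 2323/tcp that nobody meant to open.
sample_zone() {
    printf '%s\n' 'public' '  target: default' \
        '  services: ssh dhcpv6-client http https telnet' \
        '  ports: 8080/tcp 510/udp 2323/tcp' \
        '  forward-ports:' '  source-ports:'
}

# On a live host: sudo firewall-cmd --list-all | unexpected_entries
sample_zone | unexpected_entries || echo "review the entries listed above"
```

Running the same check against sudo firewall-cmd --permanent --list-all shows whether the saved configuration matches what is currently active.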

 
