Firewall-cmd cheat sheet

As I find myself infrequently changing firewall rules I often have to look up the syntax again and these tips cover 90% of what I want to do.

Get zone details: here is a quick reminder on how to find the default zone, list the active zones, and finally list all the current rules (for the default zone when no --zone is given).

firewall-cmd --get-default-zone
firewall-cmd --get-active-zones
firewall-cmd --list-all

Adding rules for https traffic

firewall-cmd --get-default-zone
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --reload
firewall-cmd --zone=public --list-all

Adding rules for port 53/tcp

firewall-cmd --get-default-zone
firewall-cmd --zone=public --permanent --add-port=53/tcp
firewall-cmd --reload
firewall-cmd --zone=public --list-all

Stop Network Manager overwriting resolv.conf

Argh... I updated /etc/resolv.conf and later, after a reboot or after restarting my network services, NetworkManager pulls out my updates. So to stop this, here is what I have found works for me.

  1. Update /etc/resolv.conf as I wish
  2. Edit NetworkManager.conf
    sudo vi /etc/NetworkManager/NetworkManager.conf
  3. Add dns=none under [main]
  4. Restart NetworkManager to ensure my /etc/resolv.conf is left alone
  5. Wonder why I didn’t sort this out sooner 🙂
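As an added example (not from the original post), here is a small shell function that does steps 2 and 3 without hand-editing: it sets dns=none under [main], replacing any existing dns= line there and creating the [main] section if it is missing, so running it twice leaves the file unchanged. The file path is a parameter so it can be tried on a copy before touching /etc/NetworkManager/NetworkManager.conf.

```shell
# Idempotently set "dns=none" in the [main] section of a NetworkManager.conf-style file.
# Usage: set_nm_dns_none /path/to/NetworkManager.conf   (then restart NetworkManager)
set_nm_dns_none() {
  conf="$1"
  tmp="$(mktemp)"
  awk '
    BEGIN { in_main = 0; seen_main = 0; done = 0 }
    # Entering the [main] section.
    /^\[main\]/ { in_main = 1; seen_main = 1; print; next }
    # Entering any other section: if we left [main] without writing dns=none, add it first.
    /^\[/ {
      if (in_main && !done) { print "dns=none"; done = 1 }
      in_main = 0; print; next
    }
    # An existing dns= line inside [main] is replaced (duplicates are dropped).
    in_main && /^dns=/ {
      if (!done) { print "dns=none"; done = 1 }
      next
    }
    { print }
    END {
      # No [main] section at all: append one; [main] was last and had no dns= line: add it.
      if (!seen_main) { print "[main]" }
      if (!done) { print "dns=none" }
    }
  ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps the original file's owner/mode
  rm -f "$tmp"
}
```

After running it against the real file, restart NetworkManager as in step 4 and confirm /etc/resolv.conf still holds your edits.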