homelab/active/software_firewalld/firewalld.md

# Firewalld

## Notes

```bash
# Add a port
firewall-cmd --permanent --add-port=22/tcp

# List active zones
firewall-cmd --get-active-zones

# Set default zone
firewall-cmd --set-default-zone=drop

# Set zone for a specific subnet
firewall-cmd --permanent --zone=drop --add-source=10.244.0.0/16

# Set zone for specific interface
firewall-cmd --zone=drop --change-interface=

# Get info about service
firewall-cmd --info-service=samba

# Get zone information
firewall-cmd --info-zone=drop
```

## Inspecting Zones

```bash
# List all active rules
firewall-cmd --list-all

# Log all denies
firewall-cmd --set-log-denied=all
```