firewalld
dynamic firewall daemon for Linux
TLDR
Start firewalld daemon
SYNOPSIS
firewalld [--debug] [--debug-gc] [--nofork] [--nopid] [--system-config DIR] [--default-config DIR]
DESCRIPTION
firewalld is a dynamic firewall daemon providing a frontend for nftables (or iptables as a legacy backend). It manages firewall rules dynamically, allowing changes without disrupting existing connections or requiring a full restart.
Firewalld uses the concept of zones to define trust levels for network connections (public, home, work, trusted, etc.). Each zone has predefined rules for allowed services and ports. Services define ports and protocols for common applications (ssh, http, https).
Users interact with firewalld primarily through firewall-cmd, the command-line client. Changes can be made at runtime (temporary) or permanently (persist across reboots). The daemon handles rule translation and manages the underlying packet filtering.
PARAMETERS
--debug
Set log level to debug and run in foreground.--debug-gc
Enable garbage collector leak information.--nofork
Do not fork into background (stay in foreground).--nopid
Disable writing PID file.--system-config DIR
Path to system configuration directory.--default-config DIR
Path to default configuration directory.-h, --help
Display help message.
CONFIGURATION
/etc/firewalld/firewalld.conf
Main daemon configuration including default zone, cleanup settings, and backend selection.**/etc/firewalld/zones/*.xml**
Zone definitions controlling network trust levels.**/etc/firewalld/services/*.xml**
Service definitions for port and protocol mappings.
CAVEATS
firewalld should not be used simultaneously with other firewall management tools like ufw or direct iptables manipulation. Running firewalld in debug mode generates verbose output and is intended for troubleshooting. The daemon requires root privileges and is typically managed via systemd.
HISTORY
firewalld was developed by Red Hat and introduced in Fedora 15 (2011) as a replacement for the static system-config-firewall tool. It provides dynamic management without requiring service restarts. In 2018, firewalld switched from iptables to nftables as its default backend, though iptables support remains for compatibility.
SEE ALSO
firewall-cmd(1), firewall-offline-cmd(1), nft(8), iptables(8)
