Firewall-cmd is a command line tool used to configure and manage the firewalld service in Linux. Firewalld is a firewall service that provides a dynamic firewall management system. It allows you to configure and customize the firewall settings according to your needs.
To use firewall-cmd, you must first install firewalld on your Linux system. This can be done using your system’s package manager. For example, on Fedora, CentOS, or Red Hat Enterprise Linux, you can use the following command:
sudo yum install firewalld
Once firewalld is installed, you can start the service by using the following command:
sudo systemctl start firewalld
To make sure that the firewalld service starts automatically at boot time, use the following command:
sudo systemctl enable firewalld
Now that the firewalld service is running, you can use the firewall-cmd tool to configure the firewall. To see the current firewall configuration, use the following command:
sudo firewall-cmd --list-all
This will display the current configuration of the default zone, including the services and ports that are allowed. To inspect a different zone, add the --zone=zone-name option.
To add a new service to the firewall, use the following command:
sudo firewall-cmd --add-service=service-name
Replace service-name with the name of the service you want to add. For example, to add the HTTP service, you would use the following command:
sudo firewall-cmd --add-service=http
To add a new port to the firewall, use the following command:
sudo firewall-cmd --add-port=port-number/protocol
Replace port-number with the number of the port you want to add and protocol with the protocol used by the port (either tcp or udp). For example, to add port 80 for the HTTP service, you would use the following command:
sudo firewall-cmd --add-port=80/tcp
To remove a service or port from the firewall, use the matching --remove-service or --remove-port option in place of --add-service or --add-port. For example, to remove the HTTP service, you would use the following command:
sudo firewall-cmd --remove-service=http
To make your changes permanent, you need to use the --permanent option. Without it, a change affects only the running firewall. With it, the change is saved to the firewall configuration so that it persists across reboots. For example, to add the HTTP service permanently, you would use the following command:
sudo firewall-cmd --permanent --add-service=http
Changes made with --permanent are saved but do not take effect in the running firewall until you reload it. You can do this using the following command:
sudo firewall-cmd --reload
This will load the saved configuration into the running firewall and activate it. Any runtime-only changes that were made without --permanent are discarded by the reload.
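Because runtime and permanent changes are tracked separately, it is worth checking that the two agree before a reload or reboot. The following script is an added example, not part of the original article: it compares the default zone's runtime and permanent service and port lists. The function names are hypothetical and the sample lists in the comments are constructed.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent
# configuration for the default zone. Function names are hypothetical.

# only_in A B: print the words of list A that do not appear in list B.
only_in() (
    out=""
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;                      # present in both lists
            *) out="${out:+$out }$item" ;;       # whole-word miss, e.g. http vs https
        esac
    done
    printf '%s' "$out"
)

# drift_report RUNTIME PERMANENT: describe how the two lists differ.
drift_report() (
    runtime_only=$(only_in "$1" "$2")
    permanent_only=$(only_in "$2" "$1")
    if [ -n "$runtime_only" ]; then
        echo "runtime-only (dropped by --reload or reboot): $runtime_only"
    fi
    if [ -n "$permanent_only" ]; then
        echo "permanent-only (inactive until --reload): $permanent_only"
    fi
    if [ -z "$runtime_only$permanent_only" ]; then
        echo "in sync"
    fi
)

# check_firewalld_drift: run as root on a host where firewalld is running.
check_firewalld_drift() {
    echo "services:"
    drift_report "$(firewall-cmd --list-services)" \
                 "$(firewall-cmd --permanent --list-services)"
    echo "ports:"
    drift_report "$(firewall-cmd --list-ports)" \
                 "$(firewall-cmd --permanent --list-ports)"
}

# Constructed sample: "http" was added without --permanent, "https" was added
# with --permanent but the firewall has not been reloaded yet.
#   drift_report "ssh http" "ssh https"
```

Call check_firewalld_drift after making changes; any runtime-only entry needs to be re-added with --permanent if it should survive the next reload.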
In conclusion, firewall-cmd is a powerful tool for configuring and managing the firewalld service in Linux. With firewall-cmd, you can easily add or remove services and ports from the firewall and customize the firewall settings to suit your needs.