FIREWALLD.ZONES - Online Linux Manual Page
Section : 5
Source : firewalld 1.3.0
Note : firewalld.zones

NAME
firewalld.zones - firewalld zones

DESCRIPTION

What is a zone?
A network zone defines the level of trust for network connections. This is a one to many relation, which means that a connection can only be part of one zone, but a zone can be used for many network connections.

The zone defines the firewall features that are enabled in this zone:

Intra Zone Forwarding
    Allows packets received by a zone to be forwarded to other interfaces or sources within the same zone, even if the zone's target is not ACCEPT.

Predefined services
    A service is a combination of port and/or protocol entries. Optionally netfilter helper modules can be added and also an IPv4 and IPv6 destination address.

Ports and protocols
    Definition of tcp, udp, sctp or dccp ports, where ports can be a single port or a port range.

ICMP blocks
    Blocks selected Internet Control Message Protocol (ICMP) messages. These messages are either information requests or created as a reply to information requests or in error conditions.

ICMP block inversion
    Changes how ICMP messages are handled. When enabled, all ICMP message types are blocked, except for those in the ICMP block list.

Masquerading
    The addresses of a private network are mapped to and hidden behind a public IP address. This is a form of address translation.

Forward ports
    A forward port is either mapped to the same port on another host or to another port on the same host or to another port on another host.

Rich language rules
    The rich language extends the elements (service, port, icmp-block, masquerade, forward-port and source-port) with additional source and destination addresses, logging, actions and limits for logs and actions. It can also be used for host or network white and black listing (for more information, please have a look at firewalld.richlanguage(5)).

For more information on the zone file format, please have a look at firewalld.zone(5).

Which zones are available?
Here are the zones provided by firewalld sorted according to the default trust level of the zones from untrusted to trusted:

drop
    Any incoming network packets are dropped, there is no reply. Only outgoing network connections are possible.

block
    Any incoming network connections are rejected with an icmp-host-prohibited message for IPv4 and icmp6-adm-prohibited for IPv6. Only network connections initiated within this system are possible.

public
    For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.

external
    For use on external networks with masquerading enabled especially for routers. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.

dmz
    For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted.

work
    For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.

home
    For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.

internal
    For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.

trusted
    All network connections are accepted.

Which zone should be used?
A public WIFI network connection, for example, should be mainly untrusted, while a wired home network connection should be fairly trusted. Select the zone that best matches the network you are using.

How to configure or add zones?
To configure or add zones you can either use one of the firewalld interfaces to handle and change the configuration (the graphical configuration tool firewall-config, the command line tool firewall-cmd or the D-Bus interface), or you can create or copy a zone file in one of the configuration directories. /usr/lib/firewalld/zones is used for default and fallback configurations and /etc/firewalld/zones is used for user created and customized configuration files.
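Added example (not part of the firewalld manual page or the firewalld project): a Python sketch that works out which zone file is in effect across the two configuration directories and lists the trust-widening features described above. The function names, finding strings and sample zone files are constructed for illustration; the element names follow firewalld.zone(5).

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

ZONE_DIRS = ["/etc/firewalld/zones", "/usr/lib/firewalld/zones"]

def effective_zone_files(dirs=ZONE_DIRS):
    """Map zone name -> file in effect; customized /etc files shadow /usr/lib defaults."""
    chosen = {}
    for d in dirs:
        for f in sorted(Path(d).glob("*.xml")):
            chosen.setdefault(f.stem, f)
    return chosen

def audit_zone(path):
    """List the features in one zone file that widen what the zone lets through."""
    zone = ET.parse(str(path)).getroot()
    findings = []
    if zone.get("target") == "ACCEPT":
        findings.append("target ACCEPT: all connections accepted")
    if zone.find("masquerade") is not None:
        findings.append("masquerading enabled")
    if zone.find("forward") is not None:
        findings.append("intra zone forwarding enabled")
    if zone.find("icmp-block-inversion") is not None:
        # With inversion on, the icmp-block entries are the only types let through.
        names = sorted(e.get("name") for e in zone.findall("icmp-block"))
        findings.append(f"icmp block inversion: only {names} allowed")
    for fp in zone.findall("forward-port"):
        port, proto, to = fp.get("port"), fp.get("protocol"), fp.get("to-addr", "this host")
        findings.append(f"forward port {port}/{proto} to {to} port {fp.get('to-port', port)}")
    return findings

def demo():
    """Audit constructed sample zone files laid out like the two directories."""
    with tempfile.TemporaryDirectory() as root:
        etc, usr = Path(root, "etc"), Path(root, "usr")
        etc.mkdir()
        usr.mkdir()
        (usr / "public.xml").write_text('<zone><service name="ssh"/></zone>')
        (usr / "trusted.xml").write_text('<zone target="ACCEPT"/>')
        # Customized copy in etc shadows the default public zone.
        (etc / "public.xml").write_text(
            '<zone><masquerade/><icmp-block-inversion/><icmp-block name="echo-request"/>'
            '<forward-port port="8080" protocol="tcp" to-addr="192.0.2.10"/></zone>')
        files = effective_zone_files([etc, usr])
        return {n: (p.parent.name, audit_zone(p)) for n, p in files.items()}

if __name__ == "__main__":
    print(demo())
```

Calling effective_zone_files() with no arguments reads the real directories named above; a zone that resolves to /etc while a same-named default exists in /usr/lib is a customization worth reviewing.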

How to set or change a zone for a connection?
The zone is stored in the ifcfg of the connection with the ZONE= option. If the option is missing or empty, the default zone set in firewalld is used. If the connection is controlled by NetworkManager, you can also use nm-connection-editor to change the zone.

For the addition or change of interfaces that are not under control of NetworkManager: firewalld tries to change the ZONE setting in the ifcfg file, if an ifcfg file exists that is using the interface.

Only for the removal of interfaces that are not under control of NetworkManager: firewalld does not try to change the ZONE setting in the ifcfg file. This is needed to make sure that an ifdown of the interface will not result in a reset of the zone setting to the default zone. Only the zone binding is then removed in firewalld.

SEE ALSO
firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1), firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5), firewalld.icmptype(5), firewalld.lockdown-whitelist(5), firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5), firewalld.zone(5), firewalld.zones(5), firewalld.policy(5), firewalld.policies(5), firewalld.ipset(5), firewalld.helper(5)

NOTES
firewalld home page: http://firewalld.org
More documentation with examples: http://fedoraproject.org/wiki/FirewallD

AUTHORS
Thomas Woerner <twoerner@redhat.com>
    Developer
Jiri Popelka <jpopelka@redhat.com>
    Developer
Eric Garver <eric@garver.life>
    Developer