Dynamic Linux firewall daemon with zones, a D-Bus interface, and separate runtime and permanent rules
- Stars1k
- Forks300
- Open Issues272
GPL-2.0
- Python
- Makefile
- Shell
About firewalld
firewalld is a dynamically managed firewall daemon for Linux. It organizes rules into network and firewall zones that set the trust level of each connection or interface, and it separates runtime configuration from permanent configuration so changes can be applied without reloading or interrupting active connections.
It covers IPv4 and IPv6 settings and ethernet bridges, and lets services or applications add iptables, ebtables, and nftables rules directly. A D-Bus interface exposes the firewall to other software, and the firewall-cmd command-line tool manages zones, services, and rules.
firewalld is free software under the GNU General Public License version 2. It depends on Linux 5.3 or newer and Python 3.8 or newer, with optional ipset, ebtables, and polkit support, and ships packaging for Fedora and RHEL based distributions.
Key features
- Network and firewall zones with trust levels
- Separate runtime and permanent configuration
- IPv4, IPv6, and ethernet bridge filtering
- Direct iptables, ebtables, and nftables rules
- D-Bus interface and firewall-cmd CLI
Details
- First released
- 2015
- Platforms
- Linux
- Deployment
- self-hostable
- Interfaces
- D-Bus and firewall-cmd CLI
- Backends
- iptables, ebtables, nftables
- Requires
- Linux 5.3+, Python 3.8+