{{tag>[linux firewalld zones service]}}

=====FirewallD=====

====Create new zone====
  * Create new zone and add sources and services:<code>
firewall-cmd --permanent --new-zone=monitoring
firewall-cmd --permanent --zone monitoring --add-source=<monitoring source address>
firewall-cmd --permanent --zone monitoring --add-service=<your services>
firewall-cmd --reload
</code>
====Create new service====
  * Get zones:<code>firewall-cmd --get-zones</code>
  * Set default zone:<code>firewall-cmd --set-default-zone=internal</code>
  * Verify:<code>firewall-cmd --get-zone-of-interface=eth0</code>
  * Stop firewalld:<code>systemctl stop firewalld.service</code>
  * Create service file:**vi /etc/firewalld/services/splunk.xml**<code><?xml version="1.0" encoding="utf-8"?>
<service version="1.0">
  <short>splunk</short>
  <port port="8000" protocol="tcp"/>
</service></code>
  * Start firewalld:<code>systemctl start firewalld.service</code>
  * Add service to zone:<code>firewall-cmd --permanent --zone=internal --add-service=splunk</code>
  * Restart firewalld:<code>systemctl restart firewalld</code>