3

On CentOS 7 have I been trying out different firewalld rules and iptables commands, and now want to do it all over, but only using firewalld.

Question

How can I reset all rules to the default that CentOS 7's firewalld ships with?

Louise Hoffman

5 Answers

4

The following piece of code may be helpful for you.

for srv in $(firewall-cmd --list-services); do firewall-cmd --remove-service=$srv; done
firewall-cmd --add-service={ssh,dhcpv6-client}
firewall-cmd --runtime-to-permanent

Regards,

Ahmer Mansoor

3

If you truly want to delete everything, as John Ashpool says:

rm -rf /etc/firewalld/zones (or /usr/etc/firewalld/zones, depending on your distro)

and

iptables -X
iptables -F
iptables -Z

plus

systemctl restart firewalld

and then you have a new set of rules and zones ;)

denn0n
3

You may simply delete the files containing the customized zone rules from /etc/firewalld/zones (or /usr/etc/firewalld/zones, depending on the distribution). After that, reload firewalld with firewall-cmd --complete-reload, and it should start using the default settings. When you make changes to the zone rules, files will appear again in that directory.

As for iptables, you may reset all rules with iptables -F. Rebooting works as well, unless you implemented some sort of persistency. Beware that firewalld may be configured to use iptables as its backend, which means it will add or remove iptables rules itself, according to what you specified in its zone rules.

ashpool
1

Any default zones that come with the distribution, if modified, get copied to the /etc/firewalld/zones directory with those modifications.

This also means that the source of the default zone files is not this directory, and re-installation doesn't know about the files under this directory (/etc/firewalld/zones), so these files will be untouched by reinstallation. Unless these files are removed, firewalld continues to load your modifications from this directory.

You can back up and delete all those files (safely) from /etc/firewalld/zones and restart firewalld, which then comes back to the default zone configurations installed by the distribution.

It is safe in the sense that the default distribution zone configurations allow SSH by default. However, if you logged into this server via an SSH port other than 22, or by any means other than SSH, then you need to be careful when removing all those files from /etc/firewalld/zones:

sudo cp -pR /etc/firewalld/zones /etc/firewalld/zones.bak
sudo rm -f /etc/firewalld/zones/*
sudo systemctl restart firewalld

In case any other config files are modified, firewalld itself can be reinstalled; however, the firewalld RPM needs to be downloaded to reinstall it.

Install yum-downloadonly plugin:

(RHEL5)
# yum install yum-downloadonly
(RHEL6, RHEL7)
# yum install yum-plugin-downloadonly

Before using the plugin, check /etc/yum/pluginconf.d/downloadonly.conf to confirm that the plugin has enabled=1.

# yum install --downloadonly --downloaddir=/tmp firewalld
# rpm -ivh --force /tmp/firewalld*.rpm

BTW, yum reinstall firewalld doesn't replace the modified config files.

VanagaS
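A scripted version of the back-up, delete and restart procedure described in the answer above, written here as an added example (it is not code from the answer). It lists which zone files differ from the packaged defaults (on CentOS 7 those ship in /usr/lib/firewalld/zones), backs up and removes the customizations, and refuses to proceed when the current SSH session, read from OpenSSH's SSH_CONNECTION variable, came in on a port other than 22, which is the lockout the answer warns about; the directory arguments are parameters so the functions can be tried on a scratch copy first.

```shell
#!/bin/sh
# Added example (not from any of the answers above): reset firewalld zone
# customizations to the packaged defaults, keeping a backup and refusing to
# proceed when the current SSH session would be locked out.
set -eu
# Directories are parameters so the functions can be tried on a scratch copy;
# on CentOS 7 they are /etc/firewalld/zones and /usr/lib/firewalld/zones (defaults).

# Print the zone files in $1 that differ from, or are absent in, defaults dir $2.
list_customized_zones() {
  custom_dir=$1; default_dir=$2
  for f in "$custom_dir"/*.xml; do
    [ -e "$f" ] || continue
    name=$(basename "$f")
    if [ ! -e "$default_dir/$name" ] || ! cmp -s "$f" "$default_dir/$name"; then
      printf '%s\n' "$name"
    fi
  done
}

# Server-side port of the current SSH session, taken from $SSH_CONNECTION
# ("client_ip client_port server_ip server_port"); prints nothing on a console.
ssh_session_port() {
  [ -n "${SSH_CONNECTION:-}" ] || return 0
  printf '%s\n' "${SSH_CONNECTION##* }"
}

# Copy $1 to "$1.bak-<timestamp>", remove the customized zone files and print
# the backup path. The default public zone only allows ssh (port 22), so refuse
# when the session came in on another SSH port (console sessions are not checked).
reset_zone_customizations() {
  zones_dir=$1
  port=$(ssh_session_port)
  if [ -n "$port" ] && [ "$port" != 22 ]; then
    echo "refusing: SSH session on port $port would be locked out" >&2
    return 1
  fi
  backup="$zones_dir.bak-$(date +%Y%m%d%H%M%S)"
  cp -pR "$zones_dir" "$backup"
  rm -f "$zones_dir"/*.xml
  printf '%s\n' "$backup"
}

# Full procedure for a real host; run as root with RUN_RESET=1.
main() {
  list_customized_zones /etc/firewalld/zones /usr/lib/firewalld/zones
  reset_zone_customizations /etc/firewalld/zones
  systemctl restart firewalld
  firewall-cmd --query-service=ssh   # verify the default zone still allows ssh
}
if [ "${RUN_RESET:-0}" = 1 ]; then main; fi
```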
1

Personally, I would just remove all the services and rules from all the zones you have edited, except for SSH in case you are working on a remote server. That is easy: sudo firewall-cmd --zone=WHATEVER --remove-service=WHATEVER

And after all have been removed, just sudo firewall-cmd --runtime-to-permanent

HOWEVER: If you haven't saved the firewall rules, then just restart with systemctl restart firewalld

I don't think there is any reset function in it.

Bert