On CentOS 7 I have been trying out different firewalld rules and iptables commands, and now want to do it all over, but only using firewalld.
Question
How can I reset all rules to the default that CentOS 7's firewalld ships with?
The following piece of code may be helpful for you.
for srv in $(firewall-cmd --list-services);do firewall-cmd --remove-service=$srv; done
firewall-cmd --add-service={ssh,dhcpv6-client}
firewall-cmd --runtime-to-permanent
Regards,
Ahmer Mansoor
If you truly want to delete everything, as John Ashpool says:
rm -rf /etc/firewalld/zones
or /usr/etc/firewalld/zones depending on your distro
and
iptables -X
iptables -F
iptables -Z
plus
systemctl restart firewalld
and then you have a new set of rules and zones ;)
You may simply delete the files containing the customized zone rules from /etc/firewalld/zones (or /usr/etc/firewalld/zones, depending on the distribution). After that, reload firewalld with firewall-cmd --complete-reload, and it should start using the default settings. When you make changes to the zone rules, files will appear again in that directory.
As for iptables, you may reset all rules with iptables -F. Rebooting works as well, unless you implemented some sort of persistency. Beware that firewalld may be configured to use iptables as its backend, which means it will add or remove iptables rules itself, according to what you specified in its zone rules.
Any default zones that come with the distribution, if modified, get copied to the /etc/firewalld/zones directory with those modifications.
This also means that the source of the default zone files is not this directory, and a re-installation doesn't know about the files under this directory (/etc/firewalld/zones), so these files will be untouched by reinstallation. Unless these files are removed, firewalld continues to load your modifications from this directory.
You can back up and delete all those files (safely) from /etc/firewalld/zones and restart firewalld, which then comes back to the default distribution-installed zone configurations.
It is safe in the sense that the default distribution zone configurations allow SSH by default. However, if you logged into this server via a different SSH port than 22, or by any other means than SSH, then you need to be careful removing all those files from /etc/firewalld/zones:
sudo cp -pR /etc/firewalld/zones /etc/firewalld/zones.bak
sudo rm -f /etc/firewalld/zones/*
sudo systemctl restart firewalld
In case any other config files are modified, firewalld itself can be reinstalled; however, the firewalld RPM needs to be downloaded to reinstall it.
Install the yum-downloadonly plugin:
(RHEL5)
# yum install yum-downloadonly
(RHEL6, RHEL7)
# yum install yum-plugin-downloadonly
Before using the plugin, check /etc/yum/pluginconf.d/downloadonly.conf to confirm that this plugin has enabled=1
# yum install --downloadonly --downloaddir=/tmp firewalld
# rpm -ivh --force /tmp/firewalld*.rpm
BTW, yum reinstall firewalld doesn't replace the modified config files.
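As an added example (not code from any of the answers above), here is a POSIX shell script that performs the "back up, delete, restart" procedure described in this answer in a guarded way: it lists which zones actually carry overrides, copies the directory to a timestamped backup before removing anything, and after the restart checks the output of firewall-cmd --list-services for ssh so a remote session is not silently locked out. The zone directory path, the backup naming scheme and the FIREWALLD_RESET_RUN=1 guard are this script's own assumptions.

```shell
#!/bin/sh
# Added example, not from the answers above. Resets firewalld zone
# customisations on a CentOS 7 style host: back up /etc/firewalld/zones,
# remove the per-zone override files, restart firewalld, then confirm that
# ssh is still allowed so a remote session is not locked out.
# Assumptions: the override directory path, the backup naming scheme and
# the FIREWALLD_RESET_RUN=1 guard are this script's own choices.
ZONE_DIR="${ZONE_DIR:-/etc/firewalld/zones}"

# Print the names of zones that have an override file in the directory.
# Only zones that were modified ever get a file here, so this is exactly
# the set of customisations the reset will discard.
list_custom_zones() {
    for f in "$1"/*.xml; do
        [ -e "$f" ] || continue
        basename "$f" .xml
    done
}

# Copy the whole directory (preserving ownership and modes) to a
# timestamped sibling and print the backup path.
backup_zones() {
    dest="$1.bak.$(date +%Y%m%d%H%M%S)"
    cp -pR "$1" "$dest"
    printf '%s\n' "$dest"
}

# Back up, then delete the override files. Does NOT restart firewalld; the
# caller decides when the running firewall picks up the shipped defaults.
reset_zones() {
    backup=$(backup_zones "$1")
    rm -f "$1"/*.xml
    printf 'zone overrides moved to %s\n' "$backup"
}

# Takes the space separated output of `firewall-cmd --list-services` and
# succeeds only if ssh is among the allowed services.
services_allow_ssh() {
    for s in $1; do
        [ "$s" = ssh ] && return 0
    done
    return 1
}

# Only touch the live system when explicitly asked.
if [ "${FIREWALLD_RESET_RUN:-0}" = 1 ]; then
    printf 'discarding customisations for zones: %s\n' \
        "$(list_custom_zones "$ZONE_DIR" | tr '\n' ' ')"
    reset_zones "$ZONE_DIR"
    systemctl restart firewalld
    if ! services_allow_ssh "$(firewall-cmd --list-services)"; then
        printf 'WARNING: ssh is not allowed in the default zone after reset\n' >&2
    fi
fi
```

Run it as root with FIREWALLD_RESET_RUN=1 to act on the live system; without that variable it only defines the functions, which is also what lets you source it and call list_custom_zones first to see what would be discarded. The backup is kept next to the original directory, so a single cp -pR of the backup back into place followed by systemctl restart firewalld undoes the reset.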
Personally I would just remove all the services and rules from all the zones you have edited, except for SSH in case you are working on a remote server. That is easy: sudo firewall-cmd --zone=WHATEVER --remove-service=WHATEVER
And after all have been removed, just sudo firewall-cmd --runtime-to-permanent
HOWEVER: if you haven't saved the firewall rules, then just restart with systemctl restart firewalld
I don't think there is any reset function in it.