Welcome to the firewalld project homepage!

Firewalld provides a dynamically managed firewall with support for network/firewall zones that defines the trust level of network connections or interfaces. It has support for IPv4, IPv6 firewall settings, ethernet bridges and IP sets. There is a separation of runtime and permanent configuration options. It also provides an interface for services or applications to add firewall rules directly.


  • D-Bus API
  • Timed firewall rules
  • Rich Language for specific firewall rules
  • IPv4 and IPv6 NAT support
  • Firewall zones
  • IP set support
  • Simple log of denied packets
  • Direct interface
  • Lockdown: Whitelisting of applications that may modify the firewall
  • Support for iptables, ip6tables, ebtables and ipset firewall backends
  • Automatic loading of Linux kernel modules
  • Integration with Puppet

Who’s using it?

firewalld is used in the following Linux distributions as the default firewall management tool:

  • RHEL 7
  • Fedora 18 and newer
  • Available for many other distributions

Applications and libraries which support firewalld as a firewall management tool include: