26.3.1.1 Configuring the firewalld Zone

To check the zone for which your system's firewall is configured:

# firewall-cmd --get-active-zone

The command does not display any results if the system has not been assigned to a zone.

Use the following command to display all available zones:

# firewall-cmd --get-zones
block dmz drop external home internal public trusted work

To configure your system for the work zone on a local network connected via the em1 interface:

# firewall-cmd --zone=work --change-interface=em1
success

Querying the current zone now shows that the firewall is configured on the interface em1 for the work zone:

# firewall-cmd --get-active-zone
work
  interfaces: em1

To make the change permanent, you can change the default zone for the system, for example:

# firewall-cmd --get-default-zone
public
# firewall-cmd --set-default-zone=work
success
# firewall-cmd --get-default-zone
work