Display Firewall Zone Properties

The firewalld management service filters all incoming interface traffic into one or more predefined zones. Each predefined zone has its own set of firewall rules for accepting or denying packets.

A default zone, called public, is automatically assigned to the host system during the installation of Oracle Linux. In cases where a host system is configured as a multi-zoned system, other predefined zones are available to view in addition to the default public zone.

Using the Networking page in the web console, Cockpit administrators can view the firewall management rules associated with each zone.

What Do You Need?

• The Cockpit web console must be installed and accessible.

  For details, see these topics: Install and Enable Cockpit and Log in to the Cockpit Web Console.

• Administrator privileges.

Steps

Using the Cockpit web console, follow these steps to review the host system's current zone information:

1. In the Cockpit navigation pane, click Networking.
   The Networking page appears.
2. In the Networking page, find the Firewall panel and perform one of the following to access and view the predefined zoning information:
   • Click the active zone link appearing under the Firewall heading.

     Important:

     The name of the active zone link indicates the number of active zones. A zone is only active if it has at least one interface or source assigned.
   • Click Edit rules and zones in the Firewall panel.

     Note:

     For information on how to edit the firewall management rules associated with a predefined zone, see Control Access to Zone Services.

     Information about each predefined zone appears in tables, for example:

     • Firewalld predefined zone name. The name of the predefined zone appears. For example: Public, External, DMZ, Work, Home, or Internal.
     • Interfaces and source addresses. The names of the interfaces and source addresses that are allowed access through the predefined zone appear.

       Important:

       Firewalld doesn't automatically pair the interface source IP address ranges to the default public zone. It does, however, automatically pair all the interface names to the default public zone. Interface names are the host names for the physical and virtual network interfaces that are configured on the system.
     • Services and ports. The names of the access-allowed services and ports associated with the predefined zone appear.