firewalld の概要

The firewalld package provides a dynamically managed firewall with support for network or firewall zones to define the trust level of network connections or interfaces. It has support for IPv4, IPv6 firewall settings and for ethernet bridges and a separation of runtime and permanent configuration options. It also provides an interface for services or applications to add nftables or iptables and ebtables rules directly.

本パッケージは LFS-9.0 において正しくビルドでき動作することが確認されています。


firewalld の依存パッケージ


nftables-0.9.3, python-slip-0.6.5



GTK+-3.24.13 (runtime only, required for fireall-config), Qt-5.14.1 (runtime only, required for fireall-applet), ipset for ipset support (only when used with iptables)


firewalld のインストール

Install firewalld by running the following commands:

PYTHON=/usr/bin/python3           \
    ./configure --sysconfdir=/etc \
                --without-ipset   &&

The testsuite for firewalld is very dependent on the running kernel and system configuration. It requires ipset as well as both backends, and all supported kernel options available.

If the above conditions are met, run the testsuite as the root user with the command make -C src check. Any test failures are likely the result of an incomplete configuration. Failed tests will give a detailed failure status at src/test/testsuite.dir/<###>/testsuite.log.

Now, as the root user:

make install


--without-ipset: This switch disables use of the ipset utility. Omit if it is installed.

--without-{ip{,6},eb}tables{,-restore}: These switches disable iptables support and are required if you wish to build without iptables support.

firewalld の設定


/etc/firewall/applet.conf, /etc/firewalld/firewalld.conf, and /etc/sysconfig/firewalld

Configuration of firewalld is generally done without modification of the above configuration files using the firewall-cmd command. Within the above configuration files you can set daemon behavior only. E.g.: whether runtime rules are retained on restart, which firewall backend to use (default is nftables), or whether to turn on debugging.

Detailed documentation is provided by the firewalld developers at

Systemd ユニット

If you need to run the firewalld daemon at system startup, enable the previously installed firewalld.service unit with the following command:

systemctl enable firewalld


インストールプログラム: firewall-applet, firewall-cmd, firewall-config, firewall-offline-cmd, firewalld
インストールライブラリ: なし
インストールディレクトリ: /etc/firewalld, /etc/firewall, /usr/lib/firewalld, /usr/lib/python-3.8.1/site-packages/firewall



is a tray applet using QSettings backend.


is the primary command line frontend.


is a GUI configuration tool using GTK+-3.


is a command line client used for permanent configuration while firewalld is not running.


is the Dynamic Firewall Manager daemon.

最終更新日: 2020-02-10 04:53:49 +0900