
Understanding Systemctl and Firewall-cmd: A Comprehensive Guide

 

In this blog post, we will delve into two powerful command-line tools used in Linux systems: `systemctl` and `firewall-cmd`. We will explore their functionality and flags and walk through examples that illustrate their usage.

## Systemctl: Controlling systemd Services

`systemctl` is a command-line utility that allows you to control the `systemd` system and service manager¹². `systemd` is the first process that gets started during bootup (with PID 1) and it's responsible for bringing the Linux host up to the state where it can be used².


### Flags and Usage

Here are some commonly used `systemctl` subcommands:

- `start [service]`: Starts a service¹.

- `stop [service]`: Stops a service¹.

- `restart [service]`: Restarts a service¹.

- `reload [service]`: Reloads a service configuration¹.

- `enable [service]`: Enables a service to start at boot¹.

- `disable [service]`: Disables a service from starting at boot¹.

- `status [service]`: Checks the status of a service¹.

- `list-units --type=service --all --state=exited,inactive`: Lists service units whose state is `exited` or `inactive`; `--all` includes inactive units, which are hidden by default¹.


### Examples

```
systemctl status httpd
```

The output might look something like this¹⁷:

```
[root@host ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-05-08 14:15:54 EDT; 1 weeks 2 days ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 3767 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
 Main PID: 1321 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─1321 /usr/sbin/httpd -DFOREGROUND
           ├─3769 /usr/sbin/httpd -DFOREGROUND
```


#### 2. Starting a service

To start a service, you can use the `systemctl start` command¹⁹:

```
systemctl start httpd
```


This command does not produce any output if the operation is successful.


#### 3. Stopping a service

The `systemctl stop` command is used to stop a running service²⁸:

```
systemctl stop httpd
```


Like the start command, this command also does not produce any output if the operation is successful.


#### 4. Restarting a service

To restart a service, you can use the `systemctl restart` command⁶:

```
systemctl restart httpd
```


This command does not produce any output if the operation is successful.


#### 5. Checking if a service is active

The `systemctl is-active` command is used to check if a service is currently running²⁴:

```
systemctl is-active httpd
```


The output will be `active` if the service is running, and `inactive` if it is not.


#### 6. Enabling a service

The `systemctl enable` command is used to set a service to start automatically at system boot¹⁴:

```
systemctl enable httpd
```


This command does not produce any output if the operation is successful.


#### 7. Checking if a service is enabled

The `systemctl is-enabled` command is used to check if a service is enabled to start at boot²⁴:

```
systemctl is-enabled httpd
```


The output will be `enabled` if the service is set to start at boot, and `disabled` if it is not.


#### 8. Disabling a service

The `systemctl disable` command is used to prevent a service from starting automatically at boot²⁰:

```
systemctl disable httpd
```


This command does not produce any output if the operation is successful.


On Debian and Ubuntu the Apache service is named `apache2` instead of `httpd`; the same operations there, run through `sudo`:

```
# Start a service
sudo systemctl start apache2

# Stop a service
sudo systemctl stop apache2

# Restart a service
sudo systemctl restart apache2

# Reload a service configuration
sudo systemctl reload apache2

# Enable a service to start at boot
sudo systemctl enable apache2

# Disable a service from starting at boot
sudo systemctl disable apache2

# Check the status of a service
sudo systemctl status apache2
```
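Since `stop`/`start` change only the running state and `enable`/`disable` change only the boot-time state, the two can disagree. The following added example (not part of the original post) combines the `is-active` and `is-enabled` answers to flag such units; the function names and the sample unit states are constructed for illustration.

```sh
#!/bin/sh
# service_verdict ACTIVE ENABLED
#   ACTIVE  = output of `systemctl is-active UNIT`
#   ENABLED = output of `systemctl is-enabled UNIT`
service_verdict() {
    case "$1" in
        failed) echo "failed"; return 0 ;;
    esac
    case "$1/$2" in
        active/enabled)    echo "consistent-on" ;;
        inactive/disabled) echo "consistent-off" ;;
        active/disabled)   echo "running-but-not-at-boot" ;;
        inactive/enabled)  echo "stopped-but-starts-at-boot" ;;
        *)                 echo "review" ;;  # e.g. static, masked, activating
    esac
}

# report_mismatches: reads "UNIT ACTIVE ENABLED" lines on stdin and prints
# only the units whose running state and boot-time state disagree.
report_mismatches() {
    while read -r unit active enabled; do
        [ -n "$unit" ] || continue
        verdict=$(service_verdict "$active" "$enabled")
        case "$verdict" in
            consistent-*) ;;
            *) printf '%s: %s\n' "$unit" "$verdict" ;;
        esac
    done
}

# Constructed sample states (not taken from a real host).
sample_states() {
cat <<'EOF'
httpd active enabled
vsftpd inactive enabled
sshd active disabled
cups inactive disabled
chronyd failed enabled
EOF
}

sample_states | report_mismatches

# On a live host, feed real states instead:
#   for u in httpd sshd; do
#       echo "$u $(systemctl is-active "$u") $(systemctl is-enabled "$u")"
#   done | report_mismatches
```

A unit reported as `stopped-but-starts-at-boot` was stopped without being disabled, so it comes back after the next reboot.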


## Firewall-cmd: Managing Firewalld


`firewall-cmd` is a command-line client of the `firewalld` daemon⁴⁵. It provides an interface to manage the runtime and permanent configurations⁴.


### Flags and Usage


Here are some commonly used flags with `firewall-cmd`:


- `--state`: Checks whether the `firewalld` daemon is active⁴.

- `--reload`: Reloads firewall rules and keeps state information⁴.

- `--complete-reload`: Reloads firewall completely, even netfilter kernel modules⁴.

- `--runtime-to-permanent`: Saves active runtime configuration and overwrites permanent configuration with it⁴.

- `--permanent --new-zone=[zone]`: Creates a new zone; new zones can only be created in the permanent configuration⁶.

- `--zone=[zone] --add-service=[service]`: Adds a service to a specific zone⁵.

- `--zone=[zone] --list-services`: Lists all services in a specific zone⁵.


### Examples


To check the state of the firewall, use the following command:



```
firewall-cmd --state
```


This command will return either `running` or `not running`, indicating whether the `firewalld` service is active.


#### Listing All Firewall Configurations

To list all the current firewall configurations, use:

```
firewall-cmd --list-all
```

This command displays the runtime settings of the default zone: its interfaces, sources, services, ports, and other settings.


#### Listing All Zones

To list all predefined zones, use:

```
firewall-cmd --list-all-zones
```


This command will display all available zones along with their configurations.


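#### Adding Services

To add a service (like HTTP or FTP) to the firewall, use:

```
firewall-cmd --add-service=http
firewall-cmd --add-service=ftp --permanent
```

The first command allows HTTP traffic in the runtime configuration only, so the rule is temporary and is lost when the firewall is reloaded or restarted. The second command writes the FTP rule to the permanent configuration; it takes effect in the running firewall after the next reload.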


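#### Reloading Firewall

After making permanent changes, you can apply them to the running firewall by reloading it. Runtime-only changes that were not saved are discarded by the reload:

```
firewall-cmd --reload
```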
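Because a rule added without `--permanent` exists only in the runtime configuration and a rule added with `--permanent` exists only in the saved one until a reload, the two configurations can drift apart. The following added example (not part of the original post) reports entries present on one side only; the function names and the sample lists are constructed for illustration.

```sh
#!/bin/sh
# Compare firewalld's runtime and permanent lists (services or ports).

# in_list ITEM "a b c" -> succeeds if ITEM is a whole word in the list
in_list() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# only_in "LIST_A" "LIST_B" -> prints the items of A that are missing from B
only_in() {
    out=""
    for item in $1; do
        in_list "$item" "$2" || out="${out:+$out }$item"
    done
    printf '%s\n' "$out"
}

# firewall_drift LABEL "RUNTIME_LIST" "PERMANENT_LIST" -> two report lines
firewall_drift() {
    printf '%s runtime-only (gone after --reload): %s\n' \
        "$1" "$(only_in "$2" "$3")"
    printf '%s permanent-only (inactive until --reload): %s\n' \
        "$1" "$(only_in "$3" "$2")"
}

# Constructed sample lists (not taken from a real host).
firewall_drift services "dhcpv6-client http ssh" "dhcpv6-client ftp ssh"
firewall_drift ports "8080/tcp" "21/tcp 8080/tcp"

# On a live host (as root), compare the real lists instead:
#   firewall_drift services "$(firewall-cmd --list-services)" \
#                           "$(firewall-cmd --permanent --list-services)"
#   firewall_drift ports    "$(firewall-cmd --list-ports)" \
#                           "$(firewall-cmd --permanent --list-ports)"
```

Runtime-only entries worth keeping can be saved with `firewall-cmd --runtime-to-permanent`; entries that should not be open are removed by `firewall-cmd --reload`.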


#### Adding and Removing Ports

To add or remove a specific port, use:

```
firewall-cmd --add-port=21/tcp --permanent
firewall-cmd --remove-port=21/tcp --permanent
```

These commands add and remove TCP port 21 in the permanent configuration; the running firewall changes only after a reload.


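#### Creating and Setting Default Zone

To create a new zone and set it as the default, use:

```
firewall-cmd --permanent --new-zone=test1
firewall-cmd --reload
firewall-cmd --set-default-zone=test1
```

These commands create a new zone named 'test1', reload the firewall so that the new permanent zone is loaded into the runtime configuration, and set it as the default zone. Without the reload, `--set-default-zone` fails because the running firewall does not yet know the zone.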


#### Adding Interface to Zone

To add an interface to a specific zone, use:

```
firewall-cmd --permanent --zone=test1 --add-interface=enp0s8
```


This command adds the 'enp0s8' interface to the 'test1' zone.


In conclusion, `systemctl` and `firewall-cmd` are powerful tools that provide control over services and firewall rules in a Linux system. Understanding these tools is essential for effective system administration.



