Introduction
The rich language allows traditional complex firewall rules to be read and understood easier. The rich language uses keywords with values.
Disclaimer: This article is for educational purposes. Technical support will not configure your firewall for you as it is considered outside the scope of support.
The Rich language command format
The following is the format to use when adding a rule:
firewall-cmd [--zone=$zone] --add-rich-rule='$rule' [--timeout=$timeval]
The following will check if a rule named "testrule" is present within the "testzone" zone:
firewall-cmd [--zone=testzone] --query-rich-rule='testrule'
The following will list all current Rich Rules in the public zone:
firewall-cmd --zone=public --list-rich-rules
The following will allow all connections from a source address:
firewall-cmd --zone=public --add-rich-rule 'rule family="ipv4" source address=198.51.100.2 accept'
The following will forward all IPv4 traffic on port 80 to port 8080 on host 1.2.3.4:
firewall-cmd --zone=public --add-rich-rule 'rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080 to-addr=198.51.100.2'