firewalld is a dynamic firewall management tool for Linux that uses zones to represent the trust level of network connections, interfaces, or sources. It supports IPv4, IPv6, firewall bridging, IP sets, and IPv4/IPv6 NAT. It is commonly found in distributions such as RHEL 7+, CentOS 7+, Fedora 18+, SUSE 15+, and OpenSUSE 15+, and can also be used on other distributions.
Its core value lies in separating the runtime configuration from the permanent configuration: administrators can first test rules in the runtime configuration, where they take effect immediately without restarting the service or daemon, and then save them to the permanent configuration once verified. Management options include firewall-cmd, firewall-offline-cmd, the GTK3 graphical tool firewall-config, and a Qt5 applet. At the rule level, it supports predefined zones, services, and icmptypes, and can handle ports, services, protocols, source ports, masquerading, port forwarding, ICMP filtering, rich rules, interfaces, and source addresses. The service abstraction packages ports, protocols, helpers, and destination addresses into reusable services, reducing the operational complexity of opening services.
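The runtime-then-permanent workflow described above, sketched as an added example (not code from firewalld or from this review): a port is opened in the runtime configuration only, a caller-supplied check is run, and the rule is written to the permanent configuration only if the check passes. The function name `try_port` and the `FIREWALL_CMD` override variable are assumptions made for this example; the firewall-cmd options used are the tool's own.

```shell
#!/bin/sh
# Added example, not firewalld project code.
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"   # assumed override hook for testing

# try_port ZONE PORT/PROTO VERIFY_COMMAND [ARGS...]
#   0 = verified; rule written to the permanent configuration
#   1 = verification failed; runtime change reverted
#   2 = usage error or firewall-cmd failure
try_port() {
    if [ "$#" -lt 3 ]; then
        echo "usage: try_port ZONE PORT/PROTO VERIFY_COMMAND [ARGS...]" >&2
        return 2
    fi
    zone=$1; port=$2; shift 2

    # Remember whether the port was already open at runtime, so a failed
    # verification never removes a rule this function did not add.
    was_open=no
    if "$FIREWALL_CMD" --zone="$zone" --query-port="$port" >/dev/null 2>&1; then
        was_open=yes
    fi

    # Without --permanent the change is runtime-only and takes effect at once.
    if [ "$was_open" = no ]; then
        "$FIREWALL_CMD" --zone="$zone" --add-port="$port" >/dev/null || return 2
    fi

    # Run the caller's check (for example a probe from a monitoring host).
    if "$@"; then
        # Persist only this rule; other untested runtime changes stay runtime-only.
        "$FIREWALL_CMD" --permanent --zone="$zone" --add-port="$port" >/dev/null || return 2
        return 0
    fi

    # Verification failed: undo the runtime change, leave permanent config untouched.
    if [ "$was_open" = no ]; then
        "$FIREWALL_CMD" --zone="$zone" --remove-port="$port" >/dev/null || return 2
    fi
    return 1
}
```

Persisting with `--permanent --add-port` writes just the verified rule; `firewall-cmd --runtime-to-permanent` would instead save the entire runtime configuration, including any other changes that have not been checked.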
firewalld provides a complete D-Bus API, allowing services, applications, and users to adjust firewall settings through the interface. Its documentation also lists integrations with Puppet, NetworkManager, libvirt, podman, docker (iptables backend only), fail2ban, and others. On the management side, it supports a lockdown whitelist to restrict which applications can modify the firewall, and it also supports simple logging of denied packets. However, the main documentation does not show capabilities for centralized alerts, notifications, audit reports, or an enterprise console.
The main documentation does not provide commercial pricing or paid edition information; it is presented more as a built-in/open-source infrastructure component in Linux distributions. Its strengths are that it is lightweight, widely supported across distributions, applies rules immediately, offers relatively safe configuration testing, and provides a complete API. Its limitations are that it is not a SaaS security platform, nor does the text show compliance certifications, SLA, or centralized operations across hosts. Complex rich rules and the direct interface still require administrators to be familiar with the Linux networking stack.
It is suitable for Linux system administrators, server operations teams, container/virtualization hosts, and teams that need fine-grained host firewall control. If you need enterprise-grade centralized policy management, compliance reporting, or cloud-based security operations, other platforms should be evaluated. Access status from China cannot be determined from the main documentation; payment information is also not provided. Alternative or complementary options include nftables, iptables, ufw, and others.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site.
firewalld.org is an International Security provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of China direct-connect friendly.