The firewalld.conf file in
/etc/firewalld provides the base configuration for firewalld. If it is absent or if
/etc/firewalld is missing, the firewalld internal defaults will be used.
The settings listed below are the default values.
The default zone used if an empty zone string is used. Everything that is not explicitly bound to another zone will be handled by the default zone.
Marks up to this minimum are free for use for example in the direct interface. If more free marks are needed, increase the minimum.
Clean Up On Exit
If set to no or false the firewall configuration will not get cleaned up on exit or stop of firewalld.
If set to enabled, firewall changes with the D-Bus interface will be limited to applications that are listed in the lockdown whitelist. The lockdown whitelist file is lockdown-whitelist.xml.
Performs a reverse path filter test on a packet for IPv6. If a reply to the packet would be sent via the same interface that the packet arrived on, the packet will match and be accepted, otherwise dropped. The rp_filter for IPv4 is controlled using sysctl.
Do not use combined -restore calls, but individual calls. This increases the time that is needed to apply changes and to start the daemon, but is good for debugging.
Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones. Possible values are: