A firewall is a crucial component of system security: it monitors and controls incoming and outgoing network traffic according to predefined security rules. On the CentOS 7 distribution, firewalld, a dynamic firewall manager with zone support, is commonly used. This article walks you through the basic configuration of firewalld on CentOS 7, from installation to rule management and activation.
Installing and Starting firewalld
If firewalld is not yet installed on your system, open a terminal and install it with the following command:
sudo yum install firewalld
After installation, start the service and enable it so that it starts automatically at boot, using the commands:
sudo systemctl start firewalld
sudo systemctl enable firewalld
Basic Configuration and Management
Firewalld groups network traffic into zones, each of which defines the level of trust for the devices and applications connected through it. To display all available zones, use the command:
firewall-cmd --get-zones
To assign a network interface to a specific zone, use the command:
sudo firewall-cmd --zone=public --change-interface=eth0
This command assigns the eth0 interface to the public zone. Now, you can configure rules for this zone.
Adding Rules
To allow or deny a service, use the following commands (the first adds the service to the zone, the second removes it):
sudo firewall-cmd --zone=public --add-service=http
sudo firewall-cmd --zone=public --remove-service=http
If you need to open a specific port, use:
sudo firewall-cmd --zone=public --add-port=8080/tcp
It is important to note that changes made with commands that lack the --permanent parameter are runtime-only: they remain in effect until the next firewalld reload, service restart, or system reboot. For permanent changes, add the --permanent parameter to the command; such changes are written to the permanent configuration and become active after a reload.
Applying Changes and Checking Status
After making changes with --permanent, load them into the running configuration with the command:
sudo firewall-cmd --reload
To check the current status of zones and rules, use:
sudo firewall-cmd --list-all-zones
This command displays the configuration of all zones, including allowed services and open ports.
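The whole procedure above (assign an interface, add services and ports permanently, reload, then confirm the live zone) as an added shell example; it is not part of the original article. It assumes the zone "public", interface eth0, services ssh and http, and port 8080/tcp, and includes a constructed --list-all sample so the verification check can be exercised on a machine without firewalld.

```shell
# Added example (not from the article): write a permanent rule set for one
# firewalld zone, reload, then verify the live zone. Assumed values: zone
# "public", interface eth0, services ssh and http, port 8080/tcp.
# Return 0 if "$3" is listed on the "$2:" line (services, ports, interfaces...)
# of firewall-cmd --list-all output passed in "$1".
zone_has() {
    printf '%s\n' "$1" | awk -v field="$2:" -v item="$3" '
        $1 == field { for (i = 2; i <= NF; i++) if ($i == item) found = 1 }
        END { exit found ? 0 : 1 }'
}

# Items written as port/protocol are reported under "ports:", others under "services:".
field_for() { case $1 in */tcp|*/udp|*/sctp|*/dccp) echo ports ;; *) echo services ;; esac; }

# Add the rules to the permanent configuration and reload. Reload replaces the
# runtime set with the permanent one, so rules added without --permanent are lost.
apply_rules() {
    zone=$1; iface=$2; shift 2
    sudo firewall-cmd --permanent --zone="$zone" --change-interface="$iface" || return 1
    for item in "$@"; do
        if [ "$(field_for "$item")" = ports ]; then
            sudo firewall-cmd --permanent --zone="$zone" --add-port="$item" || return 1
        else
            sudo firewall-cmd --permanent --zone="$zone" --add-service="$item" || return 1
        fi
    done
    sudo firewall-cmd --reload
}

# Read the runtime zone after the reload and report any item that is missing.
verify_rules() {
    zone=$1; shift
    live=$(sudo firewall-cmd --zone="$zone" --list-all) || return 1
    for item in "$@"; do
        zone_has "$live" "$(field_for "$item")" "$item" ||
            { echo "zone $zone is missing $item" >&2; return 1; }
    done
}

# Constructed sample of "firewall-cmd --zone=public --list-all" output, used so
# the check can be exercised on a machine without firewalld.
SAMPLE_LIST_ALL='public (active)
  interfaces: eth0
  services: ssh dhcpv6-client http
  ports: 8080/tcp
'
# On a CentOS 7 host: apply, reload, verify.
if command -v firewall-cmd >/dev/null 2>&1; then
    apply_rules public eth0 ssh http 8080/tcp && verify_rules public ssh http 8080/tcp
fi
```

The verification step is the part worth keeping in your own scripts: a rule that was added without --permanent disappears on reload, and checking --list-all after the reload catches that before it becomes an outage or an unintended exposure.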
Proper configuration of firewalld is crucial for securing your system. Thanks to its dynamic nature, you can adjust network traffic rules to the current needs of your system without restarting the service or the system. Always ensure that your rules are up to date and align with your organization's security policy.