A firewall is a crucial component of system security: it monitors and controls incoming and outgoing network traffic based on predefined security rules. On the CentOS 7 distribution, firewalld, a dynamic firewall manager with zone support, is commonly used. This article guides you through the basic configuration of firewalld on CentOS 7, from installation to rule management and activation.

Installing and Launching firewalld

If firewalld is not yet installed on your system, open a terminal and enter the following command:

sudo yum install firewalld

After installation, start the service and enable it to start automatically at every boot using the commands:

sudo systemctl start firewalld
sudo systemctl enable firewalld

Basic Configuration and Management

Firewalld categorizes network traffic into zones, which define the level of trust for connected devices and applications. To display all available zones, use the command:

firewall-cmd --get-zones

To assign a network interface to a specific zone, use the command:

sudo firewall-cmd --zone=public --change-interface=eth0

This command assigns the eth0 interface to the public zone. Now, you can configure rules for this zone.

Adding Rules

To allow a service in a zone, or to stop allowing it, use the commands:

sudo firewall-cmd --zone=public --add-service=http
sudo firewall-cmd --zone=public --remove-service=http

If you need to open a specific port, use:

sudo firewall-cmd --zone=public --add-port=8080/tcp

Note that changes made without the --permanent parameter are temporary and only valid until the next service or system restart. To make a change permanent, add the --permanent parameter to the command.

Applying Changes and Checking Status

After making permanent changes, apply them to the running firewall using the command:

sudo firewall-cmd --reload

To check the current status of zones and rules, use:

sudo firewall-cmd --list-all-zones

This command displays the configuration of all zones, including allowed services and open ports.
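
The runtime/permanent distinction and the reload step described above can be checked before reloading. The script below is an added example, not part of the original article: it compares the output of firewall-cmd --zone=public --list-all with the same command run with --permanent and reports services and ports that exist in only one of the two. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare runtime and permanent firewalld settings for one zone.
# Live input (assumed invocation, not executed here):
#   drift "$(firewall-cmd --zone=public --list-all)" \
#         "$(firewall-cmd --permanent --zone=public --list-all)"

# zone_items FIELD: read --list-all output on stdin and print the entries of
# the "services:" or "ports:" line, space-separated. Matching the whole first
# word keeps "source-ports:" and "forward-ports:" from being read as "ports:".
zone_items() {
    awk -v f="$1:" '$1 == f { $1 = ""; sub(/^ +/, ""); print }'
}

# only_in A B: print the words of A that do not occur in B.
only_in() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(b, w, " "); for (i = 1; i <= n; i++) seen[w[i]] = 1
        n = split(a, w, " "); out = ""
        for (i = 1; i <= n; i++)
            if (!(w[i] in seen)) out = out (out == "" ? "" : " ") w[i]
        print out
    }'
}

# drift RUNTIME PERMANENT: one line per field that differs.
drift() {
    for field in services ports; do
        rt=$(printf '%s\n' "$1" | zone_items "$field")
        pm=$(printf '%s\n' "$2" | zone_items "$field")
        lost=$(only_in "$rt" "$pm")     # active now, not saved
        pending=$(only_in "$pm" "$rt")  # saved, not active until --reload
        if [ -n "$lost" ]; then echo "$field runtime-only: $lost"; fi
        if [ -n "$pending" ]; then echo "$field permanent-only: $pending"; fi
    done
}

# Constructed sample output (trimmed to the relevant lines).
RUNTIME_SAMPLE='public (active)
  interfaces: eth0
  services: dhcpv6-client ssh http
  ports: 8080/tcp
  source-ports: '
PERMANENT_SAMPLE='public
  interfaces: 
  services: dhcpv6-client ssh https
  ports: 
  source-ports: '

drift "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE"
```

Entries reported as runtime-only disappear when firewalld is reloaded or restarted; entries reported as permanent-only are not enforced until the reload.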

Proper configuration of firewalld is crucial for securing your system. Thanks to the dynamic nature of firewalld, you can easily adjust network traffic rules according to the current needs of your system without the need to restart the service or the system. Always ensure that your rules are up-to-date and align with your organization's security policy.