How to Enable and Use firewalld on CentOS 7?


A firewall is an essential component of any networked system: it decides which inbound connections a host accepts and so limits what an attacker can reach. On CentOS 7, firewalld is the default firewall management service; it is a front end that manages the kernel's netfilter rules (through iptables on CentOS 7) and lets you express policy in terms of zones, services and ports instead of raw rules. In this article, we will discuss how to enable and use firewalld on CentOS 7.

Enabling Firewalld on CentOS 7

firewalld is normally installed and running after a standard CentOS 7 installation, but minimal installs and some cloud images ship without it or with the service stopped. Before configuring anything, make sure the service is installed, enabled at boot and running.

To enable and start the firewalld service, we need to execute the following commands in the terminal −

sudo systemctl enable firewalld
sudo systemctl start firewalld

The first command makes the service start at every boot; the second starts it now. If the package is missing, install it first with yum (package name firewalld). Both commands need root privileges, hence sudo.

Using Firewalld on CentOS 7

Once the firewalld service is enabled and started, we can start using it to configure the firewall rules.

To list all the available firewall zones, we can execute the following command −

sudo firewall-cmd --get-zones

This command lists every zone firewalld knows about, including the nine predefined ones: block, dmz, drop, external, home, internal, public, trusted and work. A zone is a named set of rules; each network interface or source address is bound to exactly one zone, and that zone's rules decide what inbound traffic it accepts.

To check the default zone, we can execute the following command −

sudo firewall-cmd --get-default-zone

This command prints the default zone (public on a fresh install). The default zone is the one applied to any interface or connection that has not been bound to another zone, and it is the zone that firewall-cmd operates on when no --zone option is given. It is not necessarily the only zone in use: a host can have several active zones, one per bound interface or source.

To add a new service to the firewall, we can execute the following command −

sudo firewall-cmd --zone=public --add-service=http --permanent

This command adds the HTTP service (port 80/tcp, as defined in the http service file) to the saved configuration of the public zone. A --permanent change survives reboots, but it does not touch the running firewall: it only takes effect after a reload or at the next start of the service. Running the same command without --permanent changes the running firewall immediately, and that runtime change is lost at the next reload or reboot unless it is also made permanent.

To remove a service from the firewall, we can execute the following command −

sudo firewall-cmd --zone=public --remove-service=http --permanent

This command removes the HTTP service from the saved configuration of the public zone; as with adding, the running firewall keeps accepting HTTP until a reload. Note that a fresh public zone allows the ssh and dhcpv6-client services by default; remove ssh only if you have another way to administer the host.

To reload the firewall rules, we can execute the following command −

sudo firewall-cmd --reload

This command reloads the saved (permanent) configuration into the running firewall, so every --permanent change made so far takes effect. It also discards any runtime-only changes that were not made permanent. Established connections survive a reload, so an SSH session will not be cut even if a mistake locks out new connections; keep that session open until you have confirmed that a fresh login still works.
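The following script is an added example, not part of the original article: it carries the steps above through in the order a practitioner would use them on a real host. It makes the changes to the running firewall first (so a mistake can be undone with a plain reload), prints the zone for inspection, and only then copies the runtime state into the permanent configuration with --runtime-to-permanent. Run without arguments it only prints the commands it would execute; with --apply it runs them. The zone choice, the service list and the assumption of static addressing (which is why dhcpv6-client is removed) are assumptions for the example.

```bash
#!/bin/sh
# Added example, not from the original article: put a CentOS 7 host on a
# known firewalld baseline. Without arguments the script only PRINTS the
# commands it would run (dry run); "./baseline.sh --apply" runs them as root.
# Zone choice and the service list are assumptions for the example.
set -eu

DRY_RUN=1
if [ "${1:-}" = "--apply" ]; then DRY_RUN=0; fi

# fw: run firewall-cmd, or print the command line in dry-run mode.
fw() {
    if [ "$DRY_RUN" = 1 ]; then echo "firewall-cmd $*"; else firewall-cmd "$@"; fi
}

# Install (if missing), enable at boot and start the daemon.
ensure_firewalld() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "yum -y install firewalld"
        echo "systemctl enable firewalld"
        echo "systemctl start firewalld"
        return 0
    fi
    rpm -q firewalld >/dev/null 2>&1 || yum -y install firewalld
    systemctl enable firewalld
    systemctl start firewalld
    firewall-cmd --state      # exits non-zero (and set -e stops us) if not running
}

# Change the RUNNING firewall first, so a mistake can be undone with
# "firewall-cmd --reload" instead of being baked into the saved config.
baseline_public_zone() {
    fw --set-default-zone=public                  # changes runtime and permanent
    fw --zone=public --add-service=ssh            # keep remote administration reachable
    fw --zone=public --add-service=http
    # The stock public zone also allows dhcpv6-client; this example assumes
    # static addressing and removes it.
    fw --zone=public --remove-service=dhcpv6-client
    fw --zone=public --list-all
}

# After verifying (a fresh SSH login from a second terminal still works),
# copy the runtime state into the permanent configuration in one step.
persist() {
    fw --runtime-to-permanent
}

ensure_firewalld
baseline_public_zone
persist
```

Review the printed commands first, then run the script with --apply from one terminal while keeping a second SSH session open; if the new login fails, a reload restores the saved configuration because nothing has been persisted yet.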

In addition to the basic commands mentioned above, firewalld provides many other options that we can use to configure and manage the firewall rules. Here are some other useful commands that we can use with firewalld on CentOS 7 −

To list all the active firewall rules, we can execute the following command −

sudo firewall-cmd --list-all

This command prints the complete configuration of one zone, the default zone unless --zone is given: its target, bound interfaces and sources, allowed services and ports, ICMP blocks, forward ports, masquerade state and rich rules. Without --permanent it shows the running state, with --permanent the saved state; comparing the two is the quickest way to spot a change that was made permanent but never reloaded, or a runtime change that was never saved.

To open a port that no predefined service covers, we can execute the following command −

sudo firewall-cmd --zone=public --add-port=80/tcp --permanent

This command adds port 80/tcp to the saved configuration of the public zone (it takes effect after a reload). Opening 80/tcp is redundant if the http service is already allowed, since that service is defined as exactly this port; prefer service names where one exists, because the listing then says what the port is for.

To close a port again, we can execute the following command −

sudo firewall-cmd --zone=public --remove-port=80/tcp --permanent

This command removes port 80/tcp from the saved configuration of the public zone. It does not affect a service entry that opens the same port, so check both the services and ports lines of --list-all when closing something.

To block a single IP address or a whole network, we can use a rich rule −

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.10" reject' --permanent

This command rejects all traffic from 192.168.1.10 arriving in the public zone and saves the rule in the permanent configuration. A network is written in CIDR notation in the same place, for example 192.168.1.0/24. Because the rule names only a source and no service or port, it covers every port. reject answers with an ICMP error (or TCP reset), which is polite to legitimate clients; drop discards silently and gives a scanner nothing to learn from. Within a zone, firewalld orders rich rules by action: log rules first, then reject and drop rules, then accept rules, so a reject rule for a source wins over any service or port that zone otherwise allows.

To allow an IP address or a network, we can use the same rule with accept −

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.10" accept' --permanent

This command accepts all traffic from 192.168.1.10 in the public zone and saves the rule. Written like this, with no service or port element, it opens every port on the host to that address; in practice, add a service or port element to the rule so the grant is limited to what the host actually needs to expose.

Firewalld also provides support for managing network interfaces, creating and managing custom zones, and managing services and applications. Here are some additional commands that we can use with firewalld on CentOS 7 −

To see which zones are in use and which interfaces belong to them, we can execute the following command −

sudo firewall-cmd --get-active-zones

This command prints every zone that has at least one interface or source bound to it, followed by those interfaces and sources. An interface that does not appear here is handled by the default zone.

To bind a network interface to a zone, we can execute the following command −

sudo firewall-cmd --zone=public --add-interface=eth0 --permanent

This command binds eth0 to the public zone in the saved configuration, so traffic arriving on eth0 is filtered by the rules of that zone. An interface can belong to only one zone; if eth0 is already bound elsewhere, the command fails and --change-interface must be used instead. On CentOS 7, interfaces managed by NetworkManager take their zone from the connection profile (the ZONE= setting in the interface's ifcfg file), and NetworkManager can undo a binding that was made only with firewall-cmd; for such interfaces set the zone in the connection profile.

To unbind a network interface from a zone, we can execute the following command −

sudo firewall-cmd --zone=public --remove-interface=eth0 --permanent

This command removes eth0 from the public zone in the saved configuration. The interface is not left unfiltered: it falls back to the default zone.

To create a custom zone, we can execute the following command −

sudo firewall-cmd --permanent --new-zone=myzone

Zones can only be created in the permanent configuration, which is why --permanent is required here; myzone appears in the running firewall after a reload. A new zone starts empty: it has no services, ports or interfaces, and with its default target any traffic arriving through it is rejected until rules are added and an interface or source is bound to it.

A service in firewalld is a named bundle of ports (and, where needed, connection-tracking helpers) described by an XML file, the predefined ones under /usr/lib/firewalld/services/ and local additions under /etc/firewalld/services/. Allowing or removing a service uses the commands already shown −

sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --remove-service=http --permanent

These commands add or remove the HTTP service in the saved configuration of the public zone and take effect after a reload. Using the service name rather than the raw port keeps the zone listing self-describing and keeps the rule correct if the service definition spans several ports.

Firewalld also supports managing ICMP (Internet Control Message Protocol) packets, managing source and destination ports, and configuring rich rules. Here are some additional commands that we can use with firewalld on CentOS 7 −

To control which ICMP types a zone accepts, we can execute the following commands −

sudo firewall-cmd --zone=public --add-icmp-block-inversion --permanent
sudo firewall-cmd --zone=public --add-icmp-block=echo-request --permanent

The second command adds echo-request to the zone's ICMP block list; the first inverts the meaning of that list. Without inversion the list is a block list, and blocking echo-request simply stops the host answering ping. With inversion turned on, the list becomes an allow list: echo-request is the only ICMP type accepted and every other ICMP type is rejected. Both changes are saved in the permanent configuration and take effect after a reload. Be careful with inversion: rejecting ICMP wholesale breaks path-MTU discovery and error reporting, so list every type the host needs (at least destination-unreachable and time-exceeded) rather than leaving the allow list nearly empty.
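As an added example (not from the original article), the script below turns the inverted block list into an explicit ICMP allow list for a zone: it switches inversion on, adds every type that should still pass, and then queries the zone so the result can be checked. Run without arguments it only prints the commands; with --apply it runs them. The zone name and the chosen ICMP types are assumptions for the example.

```bash
#!/bin/sh
# Added example, not from the original article: accept only the listed ICMP
# types in a zone and reject all other ICMP, via icmp-block inversion.
# Without --apply the firewall-cmd invocations are only printed.
set -eu

DRY_RUN=1
if [ "${1:-}" = "--apply" ]; then DRY_RUN=0; fi

# fw: run firewall-cmd, or print the command line in dry-run mode.
fw() {
    if [ "$DRY_RUN" = 1 ]; then echo "firewall-cmd $*"; else firewall-cmd "$@"; fi
}
# fw_both: apply the same change to the running and the saved configuration,
# so no reload is needed and nothing is lost at the next reload.
fw_both() { fw "$@"; fw --permanent "$@"; }

# icmp_allow_only ZONE TYPE...
# With inversion OFF, --add-icmp-block=TYPE blocks TYPE (a block list).
# With inversion ON, the same list is an allow list: only the listed types
# pass and every other ICMP type is rejected.
icmp_allow_only() {
    zone=$1; shift
    fw_both --zone="$zone" --add-icmp-block-inversion
    for t in "$@"; do
        fw_both --zone="$zone" --add-icmp-block="$t"
    done
    # Verification: the query prints "yes" when inversion is on, and the
    # listing shows the types that are now the ONLY ones accepted.
    fw --zone="$zone" --query-icmp-block-inversion
    fw --zone="$zone" --list-icmp-blocks
}

# Keep ping and the two error types that path-MTU discovery and traceroute
# depend on (the choice of types is an assumption for this example).
icmp_allow_only public echo-request destination-unreachable time-exceeded
```

Check the list printed by --list-icmp-blocks against what the host actually needs before applying; with inversion on, a type missing from that list is a type the host will never see.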

To match on the source or the destination address of incoming traffic together with a port, we can execute the following commands −

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.10" port port="22" protocol="tcp" accept' --permanent
sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" destination address="192.168.1.10" port port="22" protocol="tcp" accept' --permanent

Both rules filter incoming traffic; firewalld zones do not filter what the host sends out. The first accepts TCP port 22 (SSH) from the remote address 192.168.1.10. The second accepts TCP port 22 addressed to 192.168.1.10, which only makes sense when that is one of the host's own addresses: on a multi-homed host it lets you expose SSH on one local address and not the others. Both rules are saved in the permanent configuration and take effect after a reload.

Rich rules can also refer to a service by name instead of a port −

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" service name="http" accept' --permanent

This command accepts the HTTP service (port 80/tcp) from any address in the 192.168.1.0/24 network and saves the rule in the permanent configuration. Combining a source with a service or port element is the usual way to restrict a service to a trusted network without opening it to the whole zone.
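The script below is an added example, not from the original article, covering both the block/allow rules above and the source, port and service elements just shown. It builds each rich rule from its parts, validates the address first (firewalld rejects a malformed address, but a rule that is valid yet broader than intended is the real danger), and applies a small allow list and one rejected host to the public zone at runtime and permanently. The addresses, the network and the services are assumptions for the example.

```bash
#!/bin/sh
# Added example, not from the original article: generate and apply firewalld
# rich rules from an allow list and a block list. Without --apply the
# firewall-cmd invocations are only printed.
set -eu

DRY_RUN=1
if [ "${1:-}" = "--apply" ]; then DRY_RUN=0; fi

fw() {
    if [ "$DRY_RUN" = 1 ]; then echo "firewall-cmd $*"; else firewall-cmd "$@"; fi
}
fw_both() { fw "$@"; fw --permanent "$@"; }

# valid_ipv4 ADDR: dotted-quad IPv4 with an optional /0-32 prefix. Catching
# a typo here is cheaper than discovering later that the rule never matched.
valid_ipv4() {
    printf '%s' "$1" | grep -Eq \
      '^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(/(3[0-2]|[12]?[0-9]))?$'
}

# rich_rule SOURCE ACTION [SERVICE]
# Prints the rule text. The optional service element keeps an accept rule
# narrow; a source-only accept admits every port from that source.
rich_rule() {
    src=$1; action=$2; svc=${3:-}
    valid_ipv4 "$src" || { echo "bad address: $src" >&2; return 1; }
    case "$action" in
        accept|reject|drop) ;;
        *) echo "bad action: $action" >&2; return 1 ;;
    esac
    rule="rule family=\"ipv4\" source address=\"$src\""
    if [ -n "$svc" ]; then rule="$rule service name=\"$svc\""; fi
    printf '%s %s' "$rule" "$action"
}

apply_rules() {
    # One admin host may reach SSH, the office network may reach HTTP, and
    # one abusive host in that network is rejected for everything. firewalld
    # orders rich rules by action (log, then reject/drop, then accept), so
    # the reject wins over the network-wide HTTP accept.
    fw_both --zone=public --add-rich-rule="$(rich_rule 192.168.1.10 accept ssh)"
    fw_both --zone=public --add-rich-rule="$(rich_rule 192.168.1.0/24 accept http)"
    fw_both --zone=public --add-rich-rule="$(rich_rule 192.168.1.77 reject)"
    fw --zone=public --list-rich-rules
}

apply_rules
```

The generated rule text is exactly what --add-rich-rule expects, so the printed dry-run lines can be pasted back into a shell one at a time if you prefer to apply them by hand.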

Firewalld also allows us to manage port forwarding and masquerading. Here are some additional commands that we can use with firewalld on CentOS 7 −

To forward a port, we can execute the following command −

sudo firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8080 --permanent

This command redirects incoming TCP traffic that arrives on port 80 of the public zone to port 8080 on the same host, for example so that a service running as an unprivileged user on 8080 can be reached on the standard port. Only incoming traffic is redirected; connections from the host to its own port 80 are not. To forward to a different host, add toaddr=ADDRESS to the specification and enable masquerading on the zone so that replies come back through this host. The rule is saved in the permanent configuration and takes effect after a reload.

To enable masquerading, we can execute the following command −

sudo firewall-cmd --zone=public --add-masquerade --permanent

Masquerading applies source NAT to traffic that this host routes out through the zone's interfaces, so that machines on an internal network appear to the outside with this host's address. It is meant for a host acting as a gateway or router; on an ordinary server it has no purpose and should stay off, because it turns the host into a path between networks it was not meant to connect. The setting is saved in the permanent configuration and takes effect after a reload.
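As an added example (not from the original article), the script below sets up the two kinds of forwarding just described on the public zone: a same-host redirect of port 80 to 8080, and a forward of port 2222 to SSH on an internal host, which needs masquerading. It builds the forward-port specification from its parts and ends with the queries used to verify the result. Run without arguments it only prints the commands; with --apply it runs them. The ports and the internal address 10.0.0.5 are assumptions for the example.

```bash
#!/bin/sh
# Added example, not from the original article: same-host port redirect and
# forwarding to an internal host with firewalld. Without --apply the
# firewall-cmd invocations are only printed.
set -eu

DRY_RUN=1
if [ "${1:-}" = "--apply" ]; then DRY_RUN=0; fi
fw() { if [ "$DRY_RUN" = 1 ]; then echo "firewall-cmd $*"; else firewall-cmd "$@"; fi; }
fw_both() { fw "$@"; fw --permanent "$@"; }

# forward_spec PORT PROTO TOPORT [TOADDR]
# Builds firewalld's forward-port syntax: port=..:proto=..:toport=..[:toaddr=..]
forward_spec() {
    spec="port=$1:proto=$2:toport=$3"
    if [ -n "${4:-}" ]; then spec="$spec:toaddr=$4"; fi
    printf '%s' "$spec"
}

local_redirect() {
    # Same-host redirect: no masquerade needed. Only incoming packets are
    # rewritten; the host's own connections to its port 80 are untouched.
    fw_both --zone=public --add-forward-port="$(forward_spec 80 tcp 8080)"
}

dnat_to_internal_host() {
    # Forwarding to another address needs masquerade on the zone so replies
    # return through this host. Masquerade also NATs everything this host
    # routes out through the zone's interfaces: only do this on a gateway.
    fw_both --zone=public --add-masquerade
    fw_both --zone=public --add-forward-port="$(forward_spec 2222 tcp 22 10.0.0.5)"
}

verify() {
    fw --zone=public --query-masquerade      # prints "yes" once enabled
    fw --zone=public --list-forward-ports
    # Routing to another host also needs kernel IP forwarding; check it.
    if [ "$DRY_RUN" = 1 ]; then echo "sysctl net.ipv4.ip_forward"; else sysctl net.ipv4.ip_forward; fi
}

local_redirect
dnat_to_internal_host
verify
```

If the host is not meant to be a gateway, run only local_redirect; the masquerade step is what turns the host into a NAT device for every network behind it.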

Conclusion

Firewalld gives CentOS 7 a zone-based firewall that is easy to configure and manage from the command line. In this article, we discussed how to enable firewalld and how to work with zones, services, ports, rich rules, interfaces, ICMP filtering, port forwarding and masquerading. Two habits keep the result correct: remember that --permanent changes only take effect after a reload (and runtime changes are lost at reload unless saved), and verify the final state of each zone with --list-all before trusting it to protect the host.

Updated on: 15-May-2023
