How to Configure Firewall in CentOS 7 and RHEL 7

In computing terms, a firewall stops network activity on one network from being passed on to another network. In most systems the Linux kernel is compiled with IP forwarding set to yes. This means that if the computer has more than one network connected to it, network traffic is passed directly from one network to the other as if they were physically connected.

Forgetting to secure and configure a dedicated server's firewall is a common mistake and a huge security flaw, because it leaves your server and its ports vulnerable to intrusion. Going into the firewall's configuration allows you to remove unnecessary software that's connected to the internet.

In this article I will show how to install and configure the firewall on CentOS 7 and RHEL.

Configure Firewall in Linux

There are three main ways for system administrators to interact with firewalld.

  • By directly editing configuration files in /etc/firewalld
  • By using the graphical firewall-config tool
  • By using firewall-cmd from the command line (discussed in this article)

In this article I will discuss how to configure the firewall on a CentOS 7 or RHEL 7 machine using the firewall-cmd command. Note that the firewalld daemon is installed from the firewalld package. It is part of a base install, but not part of a minimal installation.

Install Firewall

The firewalld package is installed by default in RHEL 7.1 and CentOS 7.1. If you find it is not installed, you can install it using the following yum command.

# yum install firewalld -y

Enable and Disable Firewall at Boot

Use the commands below to enable or disable the firewall at boot.

To Disable at boot:

# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'

To Enable at boot:

# systemctl enable firewalld

Verify Firewall is Enabled and Running on Your System

Run the command below to verify that the firewall is enabled and running on your system.

# systemctl status firewalld.service

firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
   Active: active (running) since Wed 2015-09-09 21:26:25 MYT; 1 weeks 0 days ago
 Main PID: 2348 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─2348 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Sep 09 21:26:25 centos71.ehowstuff.local systemd[1]: Started firewalld - dynamic firewall daemon.

Check Current Default Zone

# firewall-cmd --get-default-zone
public

List all Available Zones

# firewall-cmd --get-zones
block dmz drop external home internal public trusted work

Open up incoming http, https and mysql traffic for the public zone

# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --permanent --zone=public --add-service=https
# firewall-cmd --permanent --zone=public --add-service=mysql

Activate the Changes

# firewall-cmd --reload

Check Running Firewall Configuration

Query active zone:

# firewall-cmd --get-active-zones

Display All Running Firewall Configuration

# firewall-cmd --zone=public --list-all

public (default, active)
  interfaces: ens32
  sources:
  services: dhcpv6-client http https mysql ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
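
The listing above can also be checked by a script. The following is an added example, not part of the original article: it parses the services line of the --list-all output and reports any open service that is not on an allowlist. The function names and the allowlist are assumptions; the sample input is the output shown above.

```shell
#!/bin/sh
# Added example (not from the original article): audit the "services:" line
# of `firewall-cmd --list-all` output against an allowlist.
# Function names and the allowlist below are assumptions for illustration.

# Sample input: the --list-all output shown in this article.
SAMPLE_LIST_ALL='public (default, active)
  interfaces: ens32
  sources:
  services: dhcpv6-client http https mysql ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:'

# zone_services: read --list-all output on stdin, print one service per line.
zone_services() {
    awk '$1 == "services:" { for (i = 2; i <= NF; i++) print $i }'
}

# unexpected_services ALLOWLIST: read --list-all output on stdin and print,
# space-separated, every open service that is not in the allowlist.
unexpected_services() {
    allow=" $1 "
    extra=""
    for svc in $(zone_services); do
        case "$allow" in
            *" $svc "*) ;;                      # on the allowlist, skip
            *) extra="${extra:+$extra }$svc" ;; # not on the allowlist, report
        esac
    done
    printf '%s\n' "$extra"
}

# audit_zone ALLOWLIST: return 0 when nothing unexpected is open, 1 otherwise.
audit_zone() {
    found=$(unexpected_services "$1")
    [ -z "$found" ] && return 0
    echo "unexpected services open: $found" >&2
    return 1
}

# Demo on the sample: the allowlist omits mysql, so mysql is reported.
printf '%s\n' "$SAMPLE_LIST_ALL" | unexpected_services "dhcpv6-client http https ssh"
```

On a live system, pipe the real output in: firewall-cmd --zone=public --list-all | audit_zone "dhcpv6-client http https ssh"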
About the author

Santosh Prasad
