How to install and configure the firewall in CentOS/RHEL?

In this article, you will learn how to install and configure the firewall in CentOS/RHEL 7/8.

The firewall is an essential part of any network. It observes and filters incoming and outgoing network traffic, so it lets you allow or block ports and services for a particular program. CentOS/RHEL 7/8 ships with the firewalld daemon, which you can easily manage with the firewall-cmd command.

Installing the firewall

To use the firewall, it must be installed and configured. The firewall is available by default in CentOS 7 and CentOS 8, but you can use the command below to update to the latest version. If you are not familiar with yum, read about the yum command first.

sudo yum install firewalld

It will prompt for confirmation once or twice; accept by pressing y and then the Enter key.

Starting the firewall service

Use the command below to start the firewall service. The firewall daemon's name is firewalld.

sudo systemctl start firewalld

Restarting the firewall service

To restart the firewall service,

sudo systemctl restart firewalld

Also, for an automatic start on system startup, you can use the following command.

sudo systemctl enable firewalld

Checking the status of the firewall service

It is good practice to check the status of the firewall to make sure that it is running.

sudo systemctl status firewalld

Listing the services which are enabled in firewall public zone

To list all the services and ports that are enabled in the public zone, use the command below.

sudo firewall-cmd --list-all

This command lists all the services and protocols enabled in the zone.


Listing a specific zone

To list a specific zone, name it with the --zone option. For example, to see the settings for the home zone, add --zone=home.

sudo firewall-cmd --list-all --zone=home

Listing service only

To list only the enabled services, use the following command.

sudo firewall-cmd --list-service

List all the predefined services

To list the predefined services, use the command below. It prints the available service names.

sudo firewall-cmd --get-services

Adding service or port in the firewall

The command below adds a service to the firewall.

sudo firewall-cmd --add-service <service name>

For example, I am going to add the service named http.

sudo firewall-cmd --add-service http

Note: To make this service permanent, use one of the commands below.

First, if you have already added the service temporarily with the command above, use the command below to make it permanent.

sudo firewall-cmd --runtime-to-permanent

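Second, to add a service directly as permanent, use the command below. A change made with --permanent is written to the saved configuration and takes effect in the running firewall after a reload.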

sudo firewall-cmd --add-service http --permanent

To add a port to the firewall instead, use the command below.

sudo firewall-cmd --add-port <port-number>/<port-type>

For example, I’m going to add port 443 with port type tcp.

sudo firewall-cmd --add-port 443/tcp

To make this port permanent, either save the runtime configuration or add --permanent to the command, as in the examples below.

sudo firewall-cmd --runtime-to-permanent

OR

sudo firewall-cmd --add-port 443/tcp --permanent

To remove a service from the firewall

To remove a service, use the following command.

sudo firewall-cmd --remove-service <service-name>

For example, I’m going to remove the http service.

sudo firewall-cmd --remove-service http

After removing the service above, make the change permanent using the command below.

sudo firewall-cmd --runtime-to-permanent

To remove a port from the firewall

To remove a port from the firewall, use the command below.

sudo firewall-cmd --remove-port <port-number>/<port-type>

For example, I am going to remove port 443 with port type tcp.

sudo firewall-cmd --remove-port 443/tcp

After removing the port, make the change permanent:

sudo firewall-cmd --runtime-to-permanent

OR

Add --permanent at the end of the command while removing the port, like this:

sudo firewall-cmd --remove-port 443/tcp --permanent
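
The add and remove sections above both depend on the difference between the runtime and the permanent configuration. The script below is an added example, not part of the original article: it compares two firewall-cmd --list-all outputs and reports services and ports present on only one side. The function names and the sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example: find drift between firewalld's runtime and permanent settings.

# fw_drift <runtime-output> <permanent-output>
# Both arguments are the text printed by `firewall-cmd --list-all`.
#   runtime-only   -> active now, lost on the next reload or reboot
#   permanent-only -> saved, but not active until the firewall is reloaded
fw_drift() {
    printf '%s\n@@PERMANENT@@\n%s\n' "$1" "$2" | awk '
        $1 == "@@PERMANENT@@" { perm = 1; next }
        $1 == "services:" || $1 == "ports:" {
            field = $1; sub(/:$/, "", field)
            for (i = 2; i <= NF; i++) {
                key = field " " $i
                if (perm) p[key] = 1; else r[key] = 1
            }
        }
        END {
            for (k in r) if (!(k in p)) print "runtime-only " k
            for (k in p) if (!(k in r)) print "permanent-only " k
        }' | LC_ALL=C sort
}

# Live check for one zone (default zone if none given). Needs root and a
# running firewalld, so it is defined here but not called automatically.
fw_drift_live() {
    zone=${1:-$(firewall-cmd --get-default-zone)}
    fw_drift "$(firewall-cmd --zone="$zone" --list-all)" \
             "$(firewall-cmd --permanent --zone="$zone" --list-all)"
}

# Constructed sample snapshots (not captured from a real host).
SAMPLE_RUNTIME='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client http ssh
  ports: 443/tcp
  forward-ports: '
SAMPLE_PERMANENT='public
  target: default
  interfaces: 
  services: dhcpv6-client ssh
  ports: 8080/tcp
  forward-ports: '

fw_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
```

An empty result means the running firewall and the saved configuration agree for that zone.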

Adding in a particular zone 

To list all the available zones, use the following command.

sudo firewall-cmd --get-zones

To get the details of all the zones,

sudo firewall-cmd --list-all-zones

To add a service in a particular zone, specify it with --zone=<public, work, home>.

sudo firewall-cmd --add-service <service-name> --zone=<zone-name>

For example, I am going to add the http service to the work zone permanently. The command is as below.

sudo firewall-cmd --add-service=http --permanent --zone=work

Changing a default zone in the firewall

Before changing the default zone, check what the default zone is right now.

sudo firewall-cmd --get-default-zone

To change the default zone,

sudo firewall-cmd --set-default-zone <zone-name>

For example, I want to change my firewall's default zone from public to work.

sudo firewall-cmd --set-default-zone work

The above setting will be permanent.

Conclusion

In this tutorial, you learned how to install and configure the firewall in Linux. I discussed the most commonly used firewall commands. I hope you understood them, but if you have any questions, you can ask in the comment section.
