Learn how to configure, enable, disable and create rules within the CentOS 7 Firewall and customize your security.
How to Create a Permanent Rule in CentOS 7
When we configure Firewalld in CentOS 7 we can create two types of rules, permanent or immediate, in this way when we edit a rule the change will be seen automatically but at the next login, this rule will be reverted.
To avoid this we must use the -permanent parameter so that the rule is continuous and is not deleted at each session start.
How to Start Firewall Service in CentOS 7
It is important that before creating the necessary rules with Firewalld activate the Firewalld service, for this we enter the following.
sudo systemctl start Firewalld.service
In case an error message is displayed indicating that Firewalld is not installed we can execute the following command for its installation:
sudo yum install Firewalld -y
To see the status of the Firewall service we will use the following command. We can see that his state is running (Running).
In this way we have enabled the service and we are able to create and edit the Firewall rules in CentOS 7.
How to See the Current Zone of CentOS 7
We can visualize the current zone in which our equipment is located using the following command.
The result will be the following:
To know what rules are associated with this zone we can use the following command:
How to Explore the Different Zones in CentOS 7
We can verify which zones are available for use by entering the following command:
It is possible to see the configuration associated with a zone using the -zone parameter; for example:
Firewall-cmd --zone=home --list-all
How to Select Zones For Network Interfaces in CentOS 7
It is possible that in an active session we want to assign a specific zone to a network interface of the equipment, for this we will assign the home zone to the eth0 interface of CentOS 7:
sudo Firewall-cmd --zone=home --change-interface=eth0
We can see that its status is correct, we can validate this using the following command:
The problem is that the interface will return to its default zone if we have not configured a defined zone within this interface, these interface configurations are hosted within the following route:
The files within this directory are in the ifcfg-interface format. For example, we can define the zone for the eth0 interface using the following command:
sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0
How to Adjust Rules for Apps in CentOS 7
We can add exceptions to the Firewall so that certain applications can be executed directly without any problem, to see the services available in CentOS 7 we will use the following command:
To enable a service in a specific zone it will be necessary that we use the following parameter:
If we want to add the http service in the public zone we will use the following syntax:
sudo Firewall-cmd --zone=public --add-service=http
It is possible to see all the services in this zone, including the newly added one, using the following command.
Firewall-cmd --zone=public --list-services
Now, if we want this service to be permanent, we must add, as we have mentioned, the -permanent parameter .
sudo Firewall-cmd --zone=public --permanent --add-service=http
In this way, the service will be active at every CentOS 7 session start.
How to open a Port for a Specific Zone in CentOS 7
Opening a port in the Firewall gives us the possibility of obtaining better support for our applications and programs, for example, if we have an application that uses the UDP port 3500 we must add it to the zone using the -add-port parameter like this:
sudo Firewall-cmd --zone=public --add-port=3500/udp
To see the open ports in the Firewall we can use the following command.
How to Create your Zone in CentOS Firewalld 7
Although the zones that are by default in the CentOS 7 Firewall cover the needs of an organization, we may want to create our rules for specific services.
We are going to create a new area called Solvetic, for which we will enter the following:
sudo Firewall-cmd --permanent --new-zone=LinuxCode
We can use the following command to see the active zones in CentOS 7:
sudo Firewall-cmd --permanent --get-zones
Now for the new zone to be reflected we must restart the Firewalld service using the following command:
sudo Firewall-cmd –reload
Now, if we want to add a service to our new zone, for example SSH, we will use the following command:
sudo Firewall-cmd --zone=Solvetic --add-service=ssh
How to Enable Startup at Boot Firewall
If we want to enable the Firewall service since the CentOS 7 boot, we can use the following command:
sudo systemctl enable Firewalld
In this way Firewall will be active at all times in CentOS 7 protecting all system parameters.
How to Stop and Disable Firewalld in CentOS 7
To disable Firewalld in CentOS 7 we must use the following command:
systemctl disable Firewalld
To stop Firewalld completely we will use the following command:
systemctl stop Firewalld
In this way we can manage all the values of Firewalld in CentOS 7 to establish zones according to the corporate need.
Security is very important and more if we talk about a work environment where information is much more delicate.