Firewalld Configurations on CentOS 7.x

Introduction to Installing and Managing Firewalld on Centos VM, FirewallD is included by default with CentOS 7.
Step-1: To start the service and enable FirewallD on boot
sudo systemctl start firewalld
sudo systemctl enable firewalld
Step-2: To stop and disable it
sudo systemctl stop firewalld
sudo systemctl disable firewalld
Step-3: Check firewall status. The output should say either running or not running.
sudo firewall-cmd --state
Step-4: To view the status of the FirewallD daemon
sudo systemctl status firewalld
Example output:
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
Active: active (running) since Wed 2015-09-02 18:03:22 UTC; 1min 12s ago
Main PID: 11954 (firewalld)
CGroup: /system.slice/firewalld.service
└─11954 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Step-5: To reload a FirewallD configuration
sudo firewall-cmd --reload
Step-6: Configuring FirewallD
#Configuration files are located in two directories:
# holds default configurations like default zones and common services.
/usr/lib/firewalld
# holds system configuration files. These files will overwrite a default configuration.
/etc/firewalld
Step-7: Add the rule to both the permanent and runtime sets.
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --add-service=http
Step-8: Add the rule to the permanent set and reload FirewallD
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --reload
Step-9: To view the default zone
sudo firewall-cmd --get-default-zone
Step-10: To change the default zone
sudo firewall-cmd --set-default-zone=internal
Step-11: To see the zones used by your network interface(s)
sudo firewall-cmd --get-active-zones
Step-12: To get all configurations for a specific zone
sudo firewall-cmd --zone=public --list-all
Step-13: To get all configurations for all zones
sudo firewall-cmd --list-all-zones
Step-14: To view the default available services
sudo firewall-cmd --get-services
Step-15: As an example, to enable or disable the HTTP service
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --remove-service=http --permanent
Step-16: Allowing or Denying an Arbitrary Port/Protocol
# As an example: Allow or disable TCP traffic on port 12345.
sudo firewall-cmd --zone=public --add-port=12345/tcp --permanent
sudo firewall-cmd --zone=public --remove-port=12345/tcp --permanent
Categories