
Firewalld Configurations on CentOS 7.x

An introduction to installing and managing FirewallD on a CentOS VM. FirewallD is the default firewall management service on CentOS 7 and is installed out of the box; it manages zones and services on top of the kernel's netfilter rules.

Step-1: To start the service and enable FirewallD on boot

sudo systemctl start firewalld
sudo systemctl enable firewalld

Step-2: To stop the service and disable it at boot. Note that stopping firewalld flushes its rules, so the host then accepts any traffic its listening services receive; do this only if another packet filter is in place.

sudo systemctl stop firewalld
sudo systemctl disable firewalld

Step-3: Check the firewall state. The output is either running or not running, and the command returns a non-zero exit status when the daemon is not running, which is useful in scripts.

sudo firewall-cmd --state

Step-4: To view the status of the FirewallD daemon

sudo systemctl status firewalld

Example output (the disabled in the Loaded line means the unit is not set to start at boot; after the systemctl enable from Step-1 it reads enabled):

firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
Active: active (running) since Wed 2015-09-02 18:03:22 UTC; 1min 12s ago
Main PID: 11954 (firewalld)
CGroup: /system.slice/firewalld.service
└─11954 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Step-5: To reload the FirewallD configuration. A reload re-applies the permanent configuration from disk and discards any runtime-only rules, so anything added without --permanent is lost at this point.

sudo firewall-cmd --reload

Step-6: Configuring FirewallD

Configuration files are located in two directories:

# holds the default configuration: the default zones and the common service definitions. Do not edit files here; package updates overwrite them.
	/usr/lib/firewalld
# holds the system-specific configuration. A file here overrides the default file of the same name, and this is where --permanent changes are written.
	/etc/firewalld

Step-7: Add the rule to both the permanent and runtime sets. A --permanent change alone is written to /etc/firewalld but does not take effect until the next reload, while a runtime-only change is lost on reload or reboot, so run both:

sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --add-service=http

Step-8: Alternatively, add the rule to the permanent set and reload FirewallD. This has the same end result as Step-7, but the reload also discards any other runtime-only rules.

sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --reload

Step-9: To view the default zone

sudo firewall-cmd --get-default-zone

Step-10: To change the default zone. Any interface not explicitly bound to a zone uses the default zone, so changing it changes what those interfaces accept.

sudo firewall-cmd --set-default-zone=internal

Step-11: To see the zones used by your network interface(s)

sudo firewall-cmd --get-active-zones

Step-12: To get all configurations for a specific zone

sudo firewall-cmd --zone=public --list-all

Step-13: To get all configurations for all zones

sudo firewall-cmd --list-all-zones

Step-14: To view the default available services

sudo firewall-cmd --get-services

Step-15: As an example, to enable or disable the HTTP service in the permanent configuration (follow with a reload, as in Step-8, or repeat the command without --permanent for the runtime set):

sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --remove-service=http --permanent

Step-16: Allowing or Blocking an Arbitrary Port/Protocol

# As an example: allow or block TCP traffic on port 12345. A range such as 8000-8100/tcp is also accepted.
sudo firewall-cmd --zone=public --add-port=12345/tcp --permanent
sudo firewall-cmd --zone=public --remove-port=12345/tcp --permanent
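The following script ties Steps 7 through 16 together as one procedure: it validates each port/protocol spec before passing it to firewall-cmd, writes the services and ports to the permanent configuration of a zone, reloads, and then checks that the runtime and permanent service lists agree, which is the drift that a forgotten reload or a runtime-only change produces. This is an added example, not code from the original post; the variables ZONE, SERVICES, PORTS and FIREWALL_CMD and the helper functions are this example's own, and it assumes firewall-cmd from CentOS 7 firewalld.

```shell
#!/bin/sh
# Added example: apply firewalld rules permanently, reload, and verify that the
# runtime set matches the permanent set. Assumes firewall-cmd from CentOS 7.
set -eu

ZONE="${ZONE:-public}"                 # zone to configure (assumption: public)
SERVICES="${SERVICES:-http https}"     # constructed sample service list
PORTS="${PORTS:-12345/tcp}"            # constructed sample port list
# Set FIREWALL_CMD=echo to print the commands instead of running them.
FIREWALL_CMD="${FIREWALL_CMD:-sudo firewall-cmd}"

# Validate a PORT/PROTO or LO-HI/PROTO spec before handing it to firewall-cmd,
# so a typo is rejected here rather than silently opening the wrong thing.
valid_port_spec() {
  spec="$1"
  case "$spec" in
    */*) port="${spec%/*}"; proto="${spec#*/}" ;;
    *)   return 1 ;;                   # protocol is mandatory
  esac
  case "$proto" in tcp|udp|sctp|dccp) ;; *) return 1 ;; esac
  case "$port" in
    *-*) lo="${port%-*}"; hi="${port#*-}" ;;
    *)   lo="$port"; hi="$port" ;;
  esac
  for n in "$lo" "$hi"; do
    case "$n" in ''|*[!0-9]*) return 1 ;; esac
  done
  [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# Compare two space-separated service lists (order-insensitive). Returns 1 and
# reports the difference when the runtime and permanent sets have drifted.
services_match() {
  runtime=$(printf '%s\n' $1 | sort | tr '\n' ' ')
  permanent=$(printf '%s\n' $2 | sort | tr '\n' ' ')
  if [ "$runtime" != "$permanent" ]; then
    printf 'drift in zone %s: runtime=[%s] permanent=[%s]\n' \
      "$ZONE" "$runtime" "$permanent" >&2
    return 1
  fi
}

# Write every service and port to the permanent configuration, then reload so
# the runtime set is rebuilt from it (runtime-only rules are dropped here).
apply_rules() {
  for svc in $SERVICES; do
    $FIREWALL_CMD --zone="$ZONE" --add-service="$svc" --permanent
  done
  for spec in $PORTS; do
    valid_port_spec "$spec" || { echo "rejected port spec: $spec" >&2; return 1; }
    $FIREWALL_CMD --zone="$ZONE" --add-port="$spec" --permanent
  done
  $FIREWALL_CMD --reload
}

# After a reload the two lists must agree; a mismatch means someone added a
# runtime-only rule since, or the reload was never run.
verify_rules() {
  services_match "$($FIREWALL_CMD --zone="$ZONE" --list-services)" \
                 "$($FIREWALL_CMD --zone="$ZONE" --permanent --list-services)"
}

case "${1:-}" in
  apply)   apply_rules && verify_rules ;;
  dry-run) FIREWALL_CMD=echo; apply_rules ;;
esac
```

Run it as `./firewalld-apply.sh dry-run` to see the commands it would issue, and `./firewalld-apply.sh apply` to make the change; verify_rules can also be run on its own at any time to catch a host whose runtime rules no longer match what is on disk.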

Shashi

A passionate devops and automation engineer