Set Up FirewallD on CentOS 7: Best Firewall Manager

This article shows how to set up FirewallD on CentOS 7. Firewalld is a firewall management solution for many Linux distributions, including Ubuntu, Debian, CentOS, RHEL, and Fedora, and all versions of them. Follow the steps below on the Orcacore website to set up FirewallD on CentOS 7 and start using it.

Steps To Set Up FirewallD on CentOS 7

First, you need to log in as a non-root user to set up a firewall. You can check our article about the initial server setup with CentOS 7.

Before setting up a firewall with Firewalld on CentOS 7, let's look at FirewallD zones first.

FirewallD uses zones and services instead of iptables chains and rules. A zone is a set of rules that specifies what traffic should be allowed, depending on the level of trust you have in the network your computer is connected to. Each network interface is assigned to a zone, which dictates the behavior the firewall should allow.

1. FirewallD zones

Here is a list of predefined zones for Firewalld:

1. Drop: This zone has the least level of trust and is used to drop all incoming traffic without sending any acknowledgment to the sender.

2. Block: This zone is very similar to the Drop zone, but the incoming traffic is rejected and the sender gets a message.

3. Public: This allows traffic from certain public networks.

4. External: This zone is used when your system acts as a gateway or router.

5. Internal: The set of rules that apply to the computers in your private internal network.

6. DMZ: This zone is an isolated patch of computers in your internal network that may not access other internal resources.

7. Work: This zone is used for work machines. The trust level is high.

8. Home: Most computers in this zone trust each other. The trust level is higher than at work.

9. Trusted: This zone has the highest trust level. All computers in the network are trusted.

2. Installing Firewalld on Centos 7

Set up FirewallD on CentOS 7 by following these steps.

Install Firewalld on Centos 7 with the following command:

sudo yum install firewalld -y

Then enable it and reboot the system with the following commands:

sudo systemctl enable firewalld
sudo reboot

You can verify that the service is running with the following command:

sudo firewall-cmd --state

3. Firewall rules on Centos 7

After setting up a firewall with firewalld on CentOS 7, you can inspect the firewall rules.

You can see which zone is selected with the following command:

sudo firewall-cmd --get-active-zones

You can see the default zone’s configuration with:

sudo firewall-cmd --list-all

Get a list of all available zones with:

firewall-cmd --get-zones

Now you can inspect the configuration of any zone, for example home, with the following command:

sudo firewall-cmd --zone=home --list-all

4. Select zones for your interfaces of Firewall

When you have configured your network interfaces, each interface will be put in the default zone when the firewall is booted.

You can change the zone of an interface, for example move eth0 to the home zone, with the following command:

sudo firewall-cmd --zone=home --change-interface=eth0

Verify that this was successful with the following command:

firewall-cmd --get-active-zones

5. Adjust a default zone for the Firewall

Besides selecting zones for your interfaces, you can adjust the default zone.
It's better to set a default zone and use it for your configuration, with the following command:

sudo firewall-cmd --set-default-zone=home

Add service in your Firewalld zone

First, you can get a list of available services with the following command:

firewall-cmd --get-services

Enable a service from the list, for example the HTTP service, with:

sudo firewall-cmd --zone=public --add-service=http

You can see it with:

sudo firewall-cmd --zone=public --list-services

Make your public zone change permanent with:

sudo firewall-cmd --zone=public --permanent --add-service=http

You can see it with:

sudo firewall-cmd --zone=public --permanent --list-services

Open a port for your zone on Firewalld

You can add a port to your zone. For example, if your application runs on port 8000 and uses TCP, run the following command:

sudo firewall-cmd --zone=public --add-port=8000/tcp

List it with:

sudo firewall-cmd --zone=public --list-ports

If your application uses ports 3500-3700 over UDP, run the following command:

sudo firewall-cmd --zone=public --add-port=3500-3700/udp

Make them permanent with:

sudo firewall-cmd --zone=public --permanent --add-port=8000/tcp
sudo firewall-cmd --zone=public --permanent --add-port=3500-3700/udp
sudo firewall-cmd --zone=public --permanent --list-ports
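
The runtime and permanent rule sets are changed by separate commands, so they can drift apart: a runtime-only rule disappears on reload, and a permanent-only rule is not enforced yet. The following script is an added example, not part of the original article; the function names and the sample lists are constructed for illustration, and the live check only runs where firewall-cmd is installed (run it as root).

```shell
#!/bin/sh
# Added example: compare runtime and permanent firewalld settings of a zone.
# only_in, zone_drift and check_zone are illustrative names, not firewalld tools.

# Print the items of space-separated list $1 that are missing from list $2.
only_in() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;                  # present in both lists
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# $1 = label (services or ports), $2 = runtime list, $3 = permanent list.
zone_drift() {
    only_in "$2" "$3" | sed "s/^/runtime-only $1: /"
    only_in "$3" "$2" | sed "s/^/permanent-only $1: /"
}

# Query a live firewalld for one zone and report drift for services and ports.
check_zone() {
    zone=$1
    for kind in services ports; do
        rt=$(firewall-cmd --zone="$zone" --list-"$kind")
        pm=$(firewall-cmd --zone="$zone" --permanent --list-"$kind")
        zone_drift "$kind" "$rt" "$pm"
    done
}

# Constructed sample: http was added at runtime but never made permanent.
zone_drift services "dhcpv6-client http ssh" "dhcpv6-client ssh"

# Live check of the public zone, only where firewalld is installed.
if command -v firewall-cmd >/dev/null 2>&1; then
    check_zone public
fi
```

An empty report means a reload or reboot will not change what the zone allows.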

Define a service on FirewallD

At this point, you have learned how to set up a firewall with firewalld and about firewall rules on CentOS 7. Let's see how to define a service.

Once you have forgotten about a service on your server, it can be difficult to remember which port was opened for it.
In this situation, you can define a service to solve that.

For example, you can copy the SSH service to use for the ‘example’ service definition with the following command:

sudo cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/example.xml

You can edit it with the vi editor:

sudo vi /etc/firewalld/services/example.xml

You can change the short name for the service, add a description for it, and put your ports and protocols in it. After you are finished, save and close the file.

Reload the firewall:

sudo firewall-cmd --reload

Now you can see it in your available services:

firewall-cmd --get-services
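
A service file like the one edited above can also be generated, which avoids leaving the copied SSH port 22 entry in place. This is an added example, not from the original article; make_service is a hypothetical helper, and the description and ports are constructed sample values based on the port examples earlier on this page.

```shell
#!/bin/sh
# Added example: generate a firewalld service definition (hypothetical helper).
# make_service DIR NAME SHORT DESCRIPTION PORT/PROTO [PORT/PROTO ...]
make_service() {
    [ $# -ge 5 ] || { echo "usage: make_service DIR NAME SHORT DESC PORT/PROTO..." >&2; return 1; }
    dir=$1 name=$2 short=$3 desc=$4
    shift 4
    # The text is written into XML unescaped, so refuse markup characters.
    case "$short$desc" in
        *'&'*|*'<'*|*'>'*) echo "no &, < or > allowed in text" >&2; return 1 ;;
    esac
    # Validate every spec before the file is touched.
    for spec in "$@"; do
        case $spec in
            */tcp|*/udp) ;;
            *) echo "bad protocol: $spec" >&2; return 1 ;;
        esac
        port=${spec%/*}
        case $port in
            ''|*[!0-9-]*|-*|*-|*-*-*) echo "bad port: $spec" >&2; return 1 ;;
        esac
    done
    {
        printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
        printf '  <short>%s</short>\n' "$short"
        printf '  <description>%s</description>\n' "$desc"
        for spec in "$@"; do
            printf '  <port protocol="%s" port="%s"/>\n' "${spec#*/}" "${spec%/*}"
        done
        printf '</service>\n'
    } > "$dir/$name.xml"
}

# Constructed demo: write into a scratch directory and show the result.
demo_dir=$(mktemp -d)
make_service "$demo_dir" example "Example" "Constructed demo application" \
    8000/tcp 3500-3700/udp
cat "$demo_dir/example.xml"
rm -rf "$demo_dir"
```

To install the definition, pass /etc/firewalld/services as the directory while running as root, then run the reload command from the steps above.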

Create your own zone on FirewallD

At this point, you have set up firewalld on CentOS 7 and learned about its rules. You can also create your own zones. For example, suppose you want to create a zone for your web server, named publicweb.

Use the following command:

sudo firewall-cmd --permanent --new-zone=publicweb

Then reload the firewall:

sudo firewall-cmd --reload
firewall-cmd --get-zones

Add services to your zone, for example:

sudo firewall-cmd --zone=publicweb --add-service=ssh

Assign your interface to the zone with:

sudo firewall-cmd --zone=publicweb --change-interface=eth0

You can make the configuration permanent with:

sudo firewall-cmd --zone=publicweb --permanent --add-service=ssh

Restart your network and reload your firewall:

sudo systemctl restart network
sudo systemctl reload firewalld

You can set your zone as your default zone:

sudo firewall-cmd --set-default-zone=publicweb

Conclusion

At this point, you have learned how to set up FirewallD on CentOS 7, you know about firewalld zones, and you can create your own zone.