How to Set Up a Firewall Using FirewallD on CentOS and AlmaLinux

Install and configure a firewall using FirewallD on CentOS 7 and AlmaLinux

Introduction

In the modern digital landscape, ensuring the security of your systems and networks is of paramount importance. One of the key tools in safeguarding your CentOS 7 server is FirewallD, a dynamic firewall management utility. FirewallD provides an easy-to-use interface for configuring and managing firewalls, allowing you to control incoming and outgoing network traffic. In this article, we will guide you through the process of setting up a firewall using FirewallD on CentOS 7, AlmaLinux or Red Hat Enterprise Linux (RHEL), enabling you to strengthen the security of your server.

Step 1: Installing FirewallD

Before diving into the firewall configuration, ensure that FirewallD is installed on your CentOS 7 system. By default, CentOS 7 ships with FirewallD, but if it is not installed, you can install it using the following command:

$ sudo yum install firewalld

Step 2: Starting and Enabling FirewallD

Once FirewallD is installed, start the service and enable it to start at boot by executing the following commands:

$ sudo systemctl start firewalld
$ sudo systemctl enable firewalld

Step 3: Understanding FirewallD Concepts

Before we proceed with firewall configuration, it is essential to understand a few key concepts of FirewallD:

  • Zones: FirewallD uses zones to define the level of trust for different network connections. By assigning interfaces to zones, you can apply specific rules to control access.
  • Services: Services are predefined sets of rules that allow or block specific types of traffic. FirewallD ships with predefined services for common protocols such as HTTP, HTTPS and SSH.
  • Ports: Ports are associated with specific network services or applications. Opening or closing ports allows or blocks traffic for those services.

Step 4: Configuring FirewallD Zones

By default, FirewallD comes with several predefined zones, including “public,” “work,” and “home.” To view the available zones, use the following command:

$ sudo firewall-cmd --get-zones

To assign an interface to a specific zone, use the following command:

$ sudo firewall-cmd --zone=zone_name --add-interface=interface_name --permanent

Replace zone_name with the desired zone and interface_name with the name of the interface you wish to assign.

Step 5: Opening Ports and Allowing Services

To enable specific services or open ports, you can use the following commands:

To allow a service:

$ sudo firewall-cmd --zone=zone_name --add-service=service_name --permanent

To open a port:

$ sudo firewall-cmd --zone=zone_name --add-port=port_number/tcp --permanent

Remember to replace zone_name, service_name, and port_number with the appropriate values.

Step 6: Applying Changes and Reloading FirewallD

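Rules added with --permanent are written to the saved configuration but do not affect the running firewall until it is reloaded. After making any changes to the firewall configuration, apply the changes and reload FirewallD using the following commands: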

$ sudo firewall-cmd --reload
$ sudo systemctl restart firewalld

Step 7: Verifying the Firewall Configuration

To verify that the firewall configuration is applied correctly, you can use various commands, such as:

To view the active zones:

$ sudo firewall-cmd --get-active-zones

To list all the services allowed in a specific zone:

$ sudo firewall-cmd --zone=zone_name --list-services

To check the open ports in a specific zone:

$ sudo firewall-cmd --zone=zone_name --list-ports
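
The verification commands above show only the running configuration, so a rule added with --permanent but never reloaded (or opened without --permanent) is easy to miss. The script below is an added example, not part of the original article: it compares a zone's runtime and permanent services and ports and reports any drift. The helper names only_in, drift_report and audit_zone are hypothetical, and the sample lists at the end are constructed.

```shell
#!/usr/bin/env bash
# Added example: report drift between runtime and permanent firewalld rules.
# Helper names are hypothetical; only the firewall-cmd options are real.

# only_in A B: print each word of list A that is absent from list B.
only_in() {
    local item
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# drift_report LABEL RUNTIME PERMANENT: one line per mismatch, returns 1 on drift.
drift_report() {
    local label="$1" runtime="$2" permanent="$3" item rc=0
    for item in $(only_in "$permanent" "$runtime"); do
        echo "$label $item: permanent only (not active until --reload)"
        rc=1
    done
    for item in $(only_in "$runtime" "$permanent"); do
        echo "$label $item: runtime only (lost on reload or reboot)"
        rc=1
    done
    return $rc
}

# audit_zone ZONE: query firewalld (run as root) for services and ports.
audit_zone() {
    local zone="$1" rc=0
    drift_report service \
        "$(firewall-cmd --zone="$zone" --list-services)" \
        "$(firewall-cmd --permanent --zone="$zone" --list-services)" || rc=1
    drift_report port \
        "$(firewall-cmd --zone="$zone" --list-ports)" \
        "$(firewall-cmd --permanent --zone="$zone" --list-ports)" || rc=1
    return $rc
}

# Constructed sample lists (not from a real host): https was added with
# --permanent but not reloaded; 8080/tcp was opened without --permanent.
drift_report service "ssh dhcpv6-client" "ssh dhcpv6-client https" || true
drift_report port "8080/tcp" "" || true
# On a host running firewalld: audit_zone public
```

A non-zero return from audit_zone means the running firewall does not match what will be loaded at the next reload or reboot.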

Conclusion

By following the steps outlined in this article, you can easily set up a firewall using FirewallD on CentOS 7. Taking the time to configure and manage your firewall is a crucial step in ensuring the security and integrity of your server. FirewallD provides a user-friendly interface for controlling network traffic and allows you to define rules based on zones, services, and ports. By actively monitoring and updating your firewall configuration, you can protect your CentOS 7 server from unauthorized access and potential security threats.
