Linux

How To Open Port FirewallD and Close Port FirewallD -CentOS 7

Like IPtables, FirewallD is a Linux firewall that filters packets of data. FirewallD uses Netfilter but Netfilter might need to be enabled on some OpenVZ / Virtuozzo containers. See Useful VZCTL commands on how to achieve this. FirewallD is the default firewall on all of our Linux NVMe VPS Servers. To open a port in firewalld the command line is used. Similarly, to close a port in FirewallD we also use commands.

FirewallD has the added advantage of zones. You can enable and disable specific zones and set the trust level for these zones. The default files for FirewallD are located in the following directories.

/usr/lib/FirewallD

These are the default files and should not be updated. When you update FirewallD you will lose any custom configurations.

/etc/firewalld

This is where any user customizations are stored but these files will overwrite the default configuration files.

Enable & Start FirewallD

systemctl enable firewalld
systemctl start firewalld

Stop & Disable FirewallD

systemctl stop firewalld
systemctl disable firewalld

To check the current status of FirewallD run the state command

firewall-cmd --state

Manage FirewallD Zones

Zones are a predefined set of rules, instead of, for example opening port 80 in IPtables for website traffic you can enable the HTTP service in FirewallD

Enable HTTP Service- FirewallD

firewall-cmd --zone=public --add-service=http --permanent

Disable HTTP Service – FirewallD

firewall-cmd --zone=public --remove-service=http --permanent

Enable HTTPS Service – FirewallD

firewall-cmd --zone=public --add-service=https --permanent

Disable HTTPS Service – FirewallD

firewall-cmd --zone=public --remove-service=https --permanent

Change FirewallD Zones

The default zone is public and you can change the default zone to another zone like “internal” with the following command

firewall-cmd --set-default-zone=internal

Or change it to private with this command

firewall-cmd --set-default-zone=private

The default zones in FirewallD are home, public, trusted, internal, and private. The default configuration for all zones can be listed by the all zones function.

firewall-cmd --list-all-zones

Open port FirewallD

So, you can open ports in FirewallD by adding that port to your default zone. If your default zone is public then you would open port 1212 with this command

firewall-cmd --zone=public --add-port=1212/tcp --permanent

But, if your default zone is private you would use the following command

firewall-cmd --zone=private --add-port=1212/tcp --permanent

Close Port FirewallD

So to close a port in firewalld or remove a port from a zone you would issue;

firewall-cmd --zone=public --remove-port=1212/tcp --permanent

Remember to ensure you remove the port from the correct zone. Restart FirewallD when you make changes to it. So to restart the service issue the restart command

systemctl restart firewalld

So, that’s the basics on how to manage FirewallD on Linux CentOS 7 and CentOS 8. We have learnt how to Open a port in FirewallD. Then, we learnt how to close a port in FirewallD, configure zones and restart the services.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button