How To Open Port FirewallD and Close Port FirewallD -CentOS 7
Like IPtables, FirewallD is a Linux firewall that filters packets of data. FirewallD uses Netfilter but Netfilter might need to be enabled on some OpenVZ / Virtuozzo containers. See Useful VZCTL commands on how to achieve this. FirewallD is the default firewall on all of our Linux NVMe VPS Servers. To open a port in firewalld the command line is used. Similarly, to close a port in FirewallD we also use commands.
FirewallD has the added advantage of zones. You can enable and disable specific zones and set the trust level for these zones. The default files for FirewallD are located in the following directories.
/usr/lib/FirewallD
These are the default files and should not be updated. When you update FirewallD you will lose any custom configurations.
/etc/firewalld
This is where any user customizations are stored but these files will overwrite the default configuration files.
Enable & Start FirewallD
systemctl enable firewalld
systemctl start firewalld
Stop & Disable FirewallD
systemctl stop firewalld
systemctl disable firewalld
To check the current status of FirewallD run the state command
firewall-cmd --state
Manage FirewallD Zones
Zones are a predefined set of rules, instead of, for example opening port 80 in IPtables for website traffic you can enable the HTTP service in FirewallD
Enable HTTP Service- FirewallD
firewall-cmd --zone=public --add-service=http --permanent
Disable HTTP Service – FirewallD
firewall-cmd --zone=public --remove-service=http --permanent
Enable HTTPS Service – FirewallD
firewall-cmd --zone=public --add-service=https --permanent
Disable HTTPS Service – FirewallD
firewall-cmd --zone=public --remove-service=https --permanent
Change FirewallD Zones
The default zone is public and you can change the default zone to another zone like “internal” with the following command
firewall-cmd --set-default-zone=internal
Or change it to private with this command
firewall-cmd --set-default-zone=private
The default zones in FirewallD are home, public, trusted, internal, and private. The default configuration for all zones can be listed by the all zones function.
firewall-cmd --list-all-zones
Open port FirewallD
So, you can open ports in FirewallD by adding that port to your default zone. If your default zone is public then you would open port 1212 with this command
firewall-cmd --zone=public --add-port=1212/tcp --permanent
But, if your default zone is private you would use the following command
firewall-cmd --zone=private --add-port=1212/tcp --permanent
Close Port FirewallD
So to close a port in firewalld or remove a port from a zone you would issue;
firewall-cmd --zone=public --remove-port=1212/tcp --permanent
Remember to ensure you remove the port from the correct zone. Restart FirewallD when you make changes to it. So to restart the service issue the restart command
systemctl restart firewalld
So, that’s the basics on how to manage FirewallD on Linux CentOS 7 and CentOS 8. We have learnt how to Open a port in FirewallD. Then, we learnt how to close a port in FirewallD, configure zones and restart the services.