Basic use of the firewall on CentOS 8


Let’s start with the basics: what is a firewall? A firewall is a program or hardware device that regulates connections to a computer, usually a server. Using a firewall is a great way to maintain the security of a system because it limits who can connect to the computer. CentOS also has a very efficient one that you need to know how to use, at least at a basic level. In this post, you will learn the basic use of the firewall on CentOS 8.

The Firewall on CentOS 8

The CentOS firewall is firewalld. It is an application that lets you manage a firewall on a Linux system quickly and easily. Its main advantage is that it supports IPv4 and IPv6, in addition to being very stable and fast at applying rules.

Firewalld is configured as a system service, so we use the systemctl command to manage it. By default, it is installed and active, which makes CentOS a fairly stable and secure system.

In case you want to stop the service just apply this command:

:~# systemctl stop firewalld

Then, if you want to start it, just use this one:

:~# systemctl start firewalld

Or just restart it:

:~# systemctl restart firewalld

Finally, if you want to know the status of the service, the command would be as follows:

:~# systemctl status firewalld

That is how we manage the service at a basic level.

The firewall zones on CentOS

Firewalld works with different zones that have a default configuration. There are many different zones. If we order them from greater restriction to lesser restriction, they would be as follows:

  • Drop
  • Block
  • Public
  • External
  • Internal
  • Dmz
  • Work
  • Home
  • Trusted

Generally, the default zone in CentOS is public. This means that the changes we make will apply to that zone. To see the default zone, use this command:

:~# firewall-cmd --get-default-zone
public

Now let’s add services and open ports.

Adding service and ports

This firewall allows you to add services that contain configuration for the most common programs that use ports. To know what these services are, you can list them with the following command:

:~# firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kibana klogin kpasswd kshell ldap ldaps libvirt libvirt-tls managesieve mdns mosh mountd ms-wbt mssql mysql nfs nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius rpc-bind rsh rsyncd samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server

As you can see, there are many, so the one you need is probably there.

To add a service to the current zone, just use the following command:

:~# firewall-cmd --zone=public --add-service=http --permanent

We added the --permanent option so that the change is not temporary. In this way, the service remains allowed at all times.

Then list the active services in the current zone and you will see the changes.

:~# firewall-cmd --zone=public --list-services
dhcpv6-client http ssh

Finally, reload the firewall for the changes to take effect on the network.

:~# firewall-cmd --reload

In case you need to open a specific port, it can also be done with firewalld. To do this, use the following command:

:~# firewall-cmd --zone=public --permanent --add-port=[port]/[protocol]

The protocols can be TCP or UDP. For example:

:~# firewall-cmd --zone=public --permanent --add-port=5234/tcp

Now list the open ports in the firewall.

:~# firewall-cmd --zone=public --permanent --list-ports
5234/tcp

Finally, reload the firewall.

:~# firewall-cmd --reload

And that’s it.
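
The --permanent and --reload steps above imply that firewalld keeps two rule sets, the running one and the saved one, and they can drift apart. The following script is an added example, not part of the original guide: it compares the two for a zone and reports services or ports that exist in only one of them. The function names (set_minus, fw_drift, audit_zone) and the sample lists are assumptions made up for this illustration.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent
# configuration. Runtime-only entries disappear on --reload or restart;
# permanent-only entries are not enforced until --reload.

# set_minus "a b c" "b" prints the items of $1 that are not in $2.
set_minus() {
    out=""
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;                      # present in both lists
            *) out="${out:+$out }$item" ;;       # only in the first list
        esac
    done
    printf '%s' "$out"
}

# fw_drift RUNTIME_LIST PERMANENT_LIST prints a one-line summary.
fw_drift() {
    only_rt=$(set_minus "$1" "$2")
    only_pm=$(set_minus "$2" "$1")
    msg=""
    if [ -n "$only_rt" ]; then msg="runtime-only: $only_rt"; fi
    if [ -n "$only_pm" ]; then msg="${msg:+$msg; }permanent-only: $only_pm"; fi
    printf '%s\n' "${msg:-in sync}"
}

# audit_zone ZONE queries a live firewalld for services and ports.
audit_zone() {
    for what in services ports; do
        rt=$(firewall-cmd --zone="$1" --list-"$what")
        pm=$(firewall-cmd --zone="$1" --permanent --list-"$what")
        echo "[$1] $what: $(fw_drift "$rt" "$pm")"
    done
}

if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    audit_zone "$(firewall-cmd --get-default-zone)"
else
    # Constructed sample lists, used when no running firewalld is available.
    echo "services: $(fw_drift 'dhcpv6-client ssh' 'dhcpv6-client http ssh')"
    echo "ports: $(fw_drift '8080/tcp' '5234/tcp')"
fi
```

A "permanent-only" entry means the rule was saved with --permanent but the firewall has not been reloaded yet; a "runtime-only" entry is a port or service that is open now but was never saved.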

Conclusion

This little guide will not make you an expert in the CentOS 8 firewall, but it does serve as the basis for most of the tutorials on our website. Knowing the basic use of the firewall in CentOS is also necessary to work more effectively with the system.

You can also learn to use the firewall in Ubuntu.
