Set up FirewallD on CentOS 7
Setting up FirewallD on CentOS 7 is a relatively easy and straightforward process. FirewallD is the firewall management tool that CentOS 7 servers offer by default. It provides a dynamically managed firewall with support for network/firewall zones.
How to set up FirewallD on CentOS 7
Here we show you how to set up FirewallD on CentOS 7 if you’re running a web server, SSH on port 7022, and a mail server.
FirewallD uses services and zones instead of iptables rules and chains. Each service is an XML configuration file that holds the information for one service entry. These XML files are stored in the /usr/lib/firewalld/services/ and /etc/firewalld/services/ directories.
- Change the default zone
Run
# firewall-cmd --get-zones
to list all the available zones.
Run
# firewall-cmd --get-default-zone
to list the default zone.
Change the default zone by entering
# firewall-cmd --set-default-zone=dmz
- Add permanent service rules for HTTP and HTTPS to the dmz zone
Run
# firewall-cmd --get-services
to list all available services.
Enter
# firewall-cmd --zone=dmz --add-service=http --permanent
and
# firewall-cmd --zone=dmz --add-service=https --permanent
- Open port 25 (SMTP) and port 465 (SMTPS)
# firewall-cmd --zone=dmz --add-service=smtp --permanent
# firewall-cmd --zone=dmz --add-service=smtps --permanent
- Open the IMAP, IMAPS, POP3 and POP3S ports
# firewall-cmd --zone=dmz --add-service=imap --permanent
# firewall-cmd --zone=dmz --add-service=imaps --permanent
# firewall-cmd --zone=dmz --add-service=pop3 --permanent
# firewall-cmd --zone=dmz --add-service=pop3s --permanent
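- Since the SSH port is changed to 7022, you need to remove the SSH service (port 22) and open port 7022. These two commands carry no --zone option, so they apply to the default zone, which is dmz after the first step.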
# firewall-cmd --remove-service=ssh --permanent
# firewall-cmd --add-port=7022/tcp --permanent
- Reload the firewall to implement your changes
# firewall-cmd --reload
- List your firewall rules
# firewall-cmd --list-all
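The listing is only useful if it is compared against what you meant to open. The script below is an added example, not part of the original guide: it reads the text of `firewall-cmd --zone=dmz --list-all` on stdin and reports anything missing from, or beyond, the services and port configured above. The function names and the two sample listings are constructed for illustration.

```shell
# Added example: audit a zone listing against the rule set built in this guide.
# On a server: firewall-cmd --zone=dmz --list-all | audit_dmz
EXPECTED_SERVICES="http https smtp smtps imap imaps pop3 pop3s"
EXPECTED_PORTS="7022/tcp"

# field KEY TEXT: print the values of the "  KEY: v1 v2" line. The match is
# anchored so "ports" does not also pick up "forward-ports" or "source-ports".
field() {
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# contains LIST ITEM: succeed if ITEM is a whole word in the space-separated LIST.
contains() {
    case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# audit_dmz: print one line per deviation; exit status 0 only on an exact match.
audit_dmz() (
    listing=$(cat)
    services=$(field services "$listing")
    ports=$(field ports "$listing")
    rc=0
    for s in $EXPECTED_SERVICES; do
        contains "$services" "$s" || { echo "MISSING service: $s"; rc=1; }
    done
    for p in $EXPECTED_PORTS; do
        contains "$ports" "$p" || { echo "MISSING port: $p"; rc=1; }
    done
    # Anything beyond the expected set is unintended exposure, e.g. a leftover ssh.
    for s in $services; do
        contains "$EXPECTED_SERVICES" "$s" || { echo "UNEXPECTED service: $s"; rc=1; }
    done
    for p in $ports; do
        contains "$EXPECTED_PORTS" "$p" || { echo "UNEXPECTED port: $p"; rc=1; }
    done
    exit "$rc"
)

# Constructed sample listings (not captured from a real host).
SAMPLE_GOOD='dmz (active)
  services: http https imap imaps pop3 pop3s smtp smtps
  ports: 7022/tcp
  forward-ports:'
# State if the SSH step was skipped: the stock dmz zone allows ssh, 7022 is closed.
SAMPLE_BAD='dmz (active)
  services: ssh http https imap imaps pop3 pop3s smtp smtps
  ports:
  forward-ports:'
printf '%s\n' "$SAMPLE_GOOD" | audit_dmz && echo "dmz matches the intended rule set"
```

A non-zero exit status makes the check usable from cron or a configuration-management run, so drift in the zone is noticed after later changes.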
Protect your server with FirewallD
When you set up FirewallD on CentOS 7, you ensure a higher level of server safety. FirewallD features a graphical configuration tool (firewall-config) and a command-line tool (firewall-cmd).
For more advice or assistance setting up FirewallD on CentOS 7, contact HOSTAFRICA today.