Michael O.

Set up FirewallD on CentOS 7

Setting up FirewallD on CentOS 7 is a relatively easy and straightforward process. FirewallD is a firewall management tool that CentOS 7 servers offer by default. It provides a dynamically managed firewall with support for network/firewall zones.

How to set up FirewallD on CentOS 7

Here we show you how to set up FirewallD on CentOS 7 if you’re running a web server, SSH on port 7022, and a mail server.

FirewallD uses services and zones instead of iptables rules and chains. Each service is defined by an XML configuration file that describes the service entry. These XML files are stored in the /usr/lib/firewalld/services/ and /etc/firewalld/services/ directories.

  1. Change the default zone
    Run # firewall-cmd --get-zones to list all the available zones
    Run # firewall-cmd --get-default-zone to list the default zone
    Change the default zone by entering # firewall-cmd --set-default-zone=dmz
  2. Add permanent service rules for HTTP and HTTPS to the dmz zone
    Run # firewall-cmd --get-services to list all available services.
    Enter # firewall-cmd --zone=dmz --add-service=http --permanent
    and # firewall-cmd --zone=dmz --add-service=https --permanent
  3. Open port 25 (SMTP) and port 465 (SMTPS)
    # firewall-cmd --zone=dmz --add-service=smtp --permanent
    # firewall-cmd --zone=dmz --add-service=smtps --permanent
  4. Open the IMAP, IMAPS, POP3 and POP3S ports
    # firewall-cmd --zone=dmz --add-service=imap --permanent
    # firewall-cmd --zone=dmz --add-service=imaps --permanent
    # firewall-cmd --zone=dmz --add-service=pop3 --permanent
    # firewall-cmd --zone=dmz --add-service=pop3s --permanent
  5. Since the SSH port is changed to 7022, you need to remove the SSH service (port 22) and open port 7022. Without --zone, these commands act on the default zone, which is now dmz
    # firewall-cmd --remove-service=ssh --permanent
    # firewall-cmd --add-port=7022/tcp --permanent
  6. Reload the firewall to apply your permanent changes to the running configuration
    # firewall-cmd --reload
  7. List your firewall rules
    # firewall-cmd --list-all
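
The audit script below is an added example, not part of the original article. It compares the permanent dmz zone against the rule set from steps 1 to 5 before the reload in step 6, so a leftover ssh service or a missing port 7022 is caught while the rules are still only staged. The FWCMD override and the --reload-if-clean argument are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: audit the permanent dmz zone against the rule set from the steps above.
# FWCMD is an assumption of this example; it lets the command be overridden for testing.
FWCMD="${FWCMD:-firewall-cmd}"
ZONE="dmz"
WANT_SERVICES="http https smtp smtps imap imaps pop3 pop3s"
WANT_PORTS="7022/tcp"

# Print one line per deviation; return non-zero if any deviation was found.
audit_zone() {
    local rc=0 have_services have_ports item
    # --permanent reads the staged configuration, not the running one.
    have_services=" $("$FWCMD" --permanent --zone="$ZONE" --list-services) "
    have_ports=" $("$FWCMD" --permanent --zone="$ZONE" --list-ports) "

    if [ "$("$FWCMD" --get-default-zone)" != "$ZONE" ]; then
        echo "default zone is not $ZONE"; rc=1
    fi
    # Everything the guide opens must be present.
    for item in $WANT_SERVICES; do
        case "$have_services" in *" $item "*) ;; *) echo "missing service: $item"; rc=1 ;; esac
    done
    for item in $WANT_PORTS; do
        case "$have_ports" in *" $item "*) ;; *) echo "missing port: $item"; rc=1 ;; esac
    done
    # Nothing else may be open (for example ssh on port 22 left enabled).
    for item in $have_services; do
        case " $WANT_SERVICES " in *" $item "*) ;; *) echo "unexpected service: $item"; rc=1 ;; esac
    done
    for item in $have_ports; do
        case " $WANT_PORTS " in *" $item "*) ;; *) echo "unexpected port: $item"; rc=1 ;; esac
    done
    return $rc
}

# Hypothetical entry point: reload only when the staged rules match the expected set.
if [ "${1:-}" = "--reload-if-clean" ]; then
    audit_zone && "$FWCMD" --reload
fi
```

Confirm that sshd is actually listening on port 7022 before reloading, since the reload is the point at which port 22 closes.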

Protect your server with FirewallD

When you set up FirewallD on CentOS 7, you ensure a higher server safety level. FirewallD features a graphical configuration tool (firewall-config) and a command-line tool (firewall-cmd).

For more advice or assistance setting up FirewallD on CentOS 7, contact HOSTAFRICA today.


The Author

Michael O.

Michael is the founder, managing director, and CEO of HOSTAFRICA. He studied at Friedrich Schiller University Jena and was inspired by Cape Town's beauty to bring his German expertise to Africa. Before HOSTAFRICA, Michael was the Managing Director of Deutsche Börse Cloud Exchange AG, one of Germany's largest virtual server providers.