Firewalld in CentOS 7: Simplifying Firewall Management
When it comes to securing a CentOS server, one of the essential tools at your disposal is Firewalld. Firewalld is available by default in CentOS 7 and many other RHEL-compatible Linux distributions. It provides a user-friendly and dynamic way to manage firewall rules and configurations.
In this article, we will explore what Firewalld is, how to use it effectively, and why it’s a crucial component of CentOS 7 security.
What is Firewalld in CentOS 7?
Firewalld is a firewall management tool that comes pre-installed in CentOS 7. It is designed to provide a user-friendly interface for managing firewall rules and simplifies the process of securing your system against unauthorized access and network threats. Unlike its predecessor, iptables, Firewalld operates with dynamic zones, which can be quickly configured to adapt to different network environments, making it a versatile and powerful tool.
Install Firewalld in CentOS 7 (if not installed)
Firewalld usually comes pre-installed in CentOS 7. In case you do not find it, you can install it using the command below.
$ sudo yum install firewalld -y
Basic Firewalld Concepts
Before diving into configurations and commands, let’s understand some basic concepts related to Firewalld.
Zones: They are used to classify network connections and define specific rules for each zone. There are preconfigured zones like public, internal, and trusted, and each zone has its own set of rules.
Services: Firewalld associates specific network services (e.g., SSH, HTTP, FTP) with ports and protocols. This simplifies rule creation by allowing you to specify a service instead of individual ports and protocols.
Ports: They help to manage incoming and outgoing network traffic. Ports can be opened or closed as required.
Source and Destination: Rules are defined based on source IP addresses, destination IP addresses, or both.
Benefits of Using Firewalld in CentOS 7
- Simplified Configuration
One of the major benefits of Firewalld is its simplified configuration. Administrators can configure firewall settings using simple commands and graphical user interfaces rather than dealing with complicated iptables rules. This makes it easier to use for both beginner and experienced users and lowers the likelihood of configuration errors.
- Dynamic Zones
Firewalld uses dynamic zones that adapt to the network environment. To achieve specific security requirements, zones like “public,” “home,” and “work” can be easily defined and configured. For instance, you can set stricter rules for the “public” zone to safeguard your server when connected to a public Wi-Fi network, while the “home” zone can have more relaxed rules for a trusted environment.
- Rich Rule Sets
Firewalld includes a wide range of predefined services and application-specific rules, making it easier to open or close ports for particular services. These predefined rule sets act as service and application shortcuts that save time and effort while configuring the firewall.
- Runtime and Permanent Changes
Firewalld allows you to make both runtime and permanent changes to your firewall rules. Runtime modifications take effect right away but do not persist across reboots. Permanent changes, on the other hand, are saved immediately and applied when Firewalld is reloaded or the system reboots, ensuring consistent firewall settings.
Basic Commands for Using Firewalld
To begin using Firewalld in CentOS 7, you will need to understand some of the basic commands:
- Starting Firewalld Service
To check whether Firewalld is running and active on the system, you can run this command.
$ sudo systemctl status firewalld
If Firewalld is not running, you can start it and enable it to start automatically on system boot using the following commands:
$ sudo systemctl start firewalld
$ sudo systemctl enable firewalld
- Checking Zones
As mentioned earlier, Firewalld uses zones to configure firewall rules. You can list available zones with:
$ sudo firewall-cmd --get-zones
View the default zone with:
$ sudo firewall-cmd --get-default-zone
- Opening Ports
To open a specific port in Firewalld, you can use the following command:
$ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
Replace 80 with the desired port number and tcp with the protocol (tcp/udp). The --permanent flag makes the change persistent.
- Reloading Firewalld Service
After making changes, you should reload Firewalld in CentOS 7 for the changes to take effect:
$ sudo firewall-cmd --reload
- List Rules
To view the active firewall rules in Firewalld, use:
$ sudo firewall-cmd --list-all
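Because runtime and permanent settings are stored separately, a port can be active but unsaved, or saved but not yet active. The script below is an added example, not part of the original article, that compares the two for a zone; the function names fw_drift and fw_audit_zone are hypothetical and the sample port lists are constructed.

```bash
#!/usr/bin/env bash
# Added example: report drift between firewalld runtime and permanent config.

# fw_drift RUNTIME PERMANENT
# Each argument is a space-separated list as printed by
# `firewall-cmd --list-ports` or `firewall-cmd --list-services`.
#   runtime-only <item>    active now, lost on --reload or reboot
#   permanent-only <item>  saved on disk, not active until --reload
fw_drift() {
    local runtime=" $1 " permanent=" $2 " item
    for item in $1; do
        case "$permanent" in
            *" $item "*) ;;                      # present in both
            *) echo "runtime-only $item" ;;
        esac
    done
    for item in $2; do
        case "$runtime" in
            *" $item "*) ;;                      # present in both
            *) echo "permanent-only $item" ;;
        esac
    done
}

# fw_audit_zone ZONE: compare a live zone (run as root or via sudo).
# Returns 0 if both configurations match, 1 on drift, 2 if firewall-cmd fails.
fw_audit_zone() {
    local zone="${1:-public}" kind rt pm d rc=0
    for kind in ports services; do
        rt=$(firewall-cmd --zone="$zone" --list-"$kind") || return 2
        pm=$(firewall-cmd --permanent --zone="$zone" --list-"$kind") || return 2
        d=$(fw_drift "$rt" "$pm")
        if [ -n "$d" ]; then
            echo "[$zone/$kind]"
            echo "$d"
            rc=1
        fi
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    fw_audit_zone "$1"                           # e.g. ./script.sh public
else
    # Constructed sample: 8080/tcp was added without --permanent;
    # 443/tcp was added with --permanent but no --reload followed.
    fw_drift "80/tcp 8080/tcp" "80/tcp 443/tcp"
fi
```

A runtime-only entry is worth reviewing before the next reload, since it is either a forgotten --permanent or a temporary opening that was never closed.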
Firewalld in CentOS 7 is a useful tool for streamlining firewall maintenance. It is a fantastic option for securing your server due to its user-friendly design, dynamic zones, and extensive rule sets. By understanding its fundamental commands and adhering to best practices, you can optimize your firewall configuration and boost the security of your CentOS 7 system. Remember, a solid cybersecurity strategy must include a firewall that is properly configured.
Also, it is important to note that the official support for CentOS 7 will end on June 30, 2024. With no further security updates and bug fixes after this end-of-life date, CentOS systems are highly susceptible to security vulnerabilities. Therefore, it is crucial to take action before the end date.
Since CentOS 8 has already reached end of life and there is no CentOS 9, you cannot upgrade to the next supported version. What you can do is migrate to an alternative long-term supported distribution, like AlmaLinux.
Discover how to migrate CentOS 7 to AlmaLinux 8 or 9 in our step-by-step tutorial.
Alternatively, you can use TuxCare’s Extended Lifecycle Support for CentOS 7 if you need to keep using CentOS 7 longer. It offers an additional four years of support for CentOS 7 with security updates and patches protecting your system from vulnerabilities. Moreover, you will get some extra time to plan your migration while remaining secure.
Whether you want to migrate or buy extended support, you should create a detailed strategy to cope with the CentOS 7 end of life. Read more in this CentOS 7 End of Life Playbook.