Firewalld: Difference between revisions

From DISI
Line 12: Line 12:
   sudo firewall-cmd --zone=public --add-service=<service-name> --permanent
   sudo firewall-cmd --zone=public --add-service=<service-name> --permanent
Opening a specific TCP/UDP port:  
Opening a specific TCP/UDP port:  
   sudo firewall-cmd --add-port=8080/tcp --permanent
   sudo firewall-cmd --add-port=<port number>/<tcp or udp> --permanent
Example: adding NFS to firewall-cmd
 
Example: adding NFS to firewalld
   sudo firewall-cmd --zone=public --add-service=nfs --permanent
   sudo firewall-cmd --zone=public --add-service=nfs --permanent
   sudo firewall-cmd --zone=public --add-service=rpc-bind --permanent
   sudo firewall-cmd --zone=public --add-service=rpc-bind --permanent
   sudo firewall-cmd --zone-public --add-service=mountd --permanent
   sudo firewall-cmd --zone-public --add-service=mountd --permanent
Example: adding tcp port 8080 to firewalld
  sudo firewall-cmd --add-port=8080/tcp --permanent


Reload the firewall after adding services to the firewall configuration:
Reload the firewall after adding services to the firewall configuration:
   sudo firewall-cmd --reload
   sudo firewall-cmd --reload
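Review bot: the mountd line of the NFS example is written with --zone-public instead of --zone=public, and this revision carries it over unchanged on both sides, unlike the nfs and rpc-bind lines directly above it. Suggest correcting it to "sudo firewall-cmd --zone=public --add-service=mountd --permanent" in the same edit. The port lines (both the generic form and the new 8080/tcp example) also omit --zone while every service line names public; either add --zone=public there or state that the port is opened in the default zone.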

Revision as of 18:30, 25 January 2019

Firewalld is the default firewall for CentOS 7. It replaces the CentOS 6 firewall, iptables.

Using firewalld

Starting and stopping firewalld:

 systemctl start firewalld
 systemctl stop firewalld

Listing current configuration for firewalld:

 sudo firewall-cmd --list-all

Permitting a service through the firewall (opens the port that corresponds to the service):

 sudo firewall-cmd --zone=public --add-service=<service-name> --permanent

Opening a specific TCP/UDP port (without --zone, the rule is added to the default zone):

 sudo firewall-cmd --add-port=<port number>/<tcp or udp> --permanent

Example: adding NFS to firewalld

 sudo firewall-cmd --zone=public --add-service=nfs --permanent
 sudo firewall-cmd --zone=public --add-service=rpc-bind --permanent
 sudo firewall-cmd --zone=public --add-service=mountd --permanent

Example: adding tcp port 8080 to firewalld

 sudo firewall-cmd --add-port=8080/tcp --permanent


Reload the firewall after adding services to the firewall configuration (rules added with --permanent do not take effect until the reload):

 sudo firewall-cmd --reload
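
To confirm after the reload that every service from the NFS example actually landed in the zone (a command that fails, for example because of a mistyped option, leaves that one service out while the others succeed), the check below parses `firewall-cmd --list-all` output. It is an added example, not part of the original wiki page; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify firewalld state from `firewall-cmd --list-all` output.

# Constructed sample of `sudo firewall-cmd --zone=public --list-all` output
# for a host where the mountd command failed and was never applied.
SAMPLE_OUTPUT='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client nfs rpc-bind ssh
  ports: 8080/tcp
  forward-ports:
  source-ports:
  rich rules:'

# missing_services "<list-all output>" svc...
# Prints, space separated, the requested services that are NOT on the
# "services:" line. The body runs in a subshell so no variables leak.
missing_services() (
    output=$1; shift
    enabled=$(printf '%s\n' "$output" |
        sed -n 's/^[[:space:]]*services:[[:space:]]*//p')
    missing=""
    for svc in "$@"; do
        case " $enabled " in
            *" $svc "*) ;;                   # whole-word match: present
            *) missing="$missing $svc" ;;    # absent from the zone
        esac
    done
    printf '%s' "${missing# }"
)

# port_open "<list-all output>" <port>/<proto>
# Exit status 0 if the port is on the "ports:" line. The pattern does not
# match the "forward-ports:" or "source-ports:" lines.
port_open() (
    ports=$(printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*ports:[[:space:]]*//p')
    case " $ports " in *" $2 "*) true ;; *) false ;; esac
)

# On a live host, after `sudo firewall-cmd --reload`:
#   out=$(sudo firewall-cmd --zone=public --list-all)
#   missing_services "$out" nfs rpc-bind mountd   # empty output = all present
#   port_open "$out" 8080/tcp && echo "8080/tcp open"
```
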