Introduction to FirewallD and firewall-cmd command on CentOS

FirewallD is a firewall management service available on many Linux distributions. It acts as a frontend for the iptables rules that the Linux kernel uses to filter network traffic, and it keeps those rules persistent across reboots. In this article we show you how to set up a firewall on the server and the basics of controlling it with the firewall-cmd administrative tool. FirewallD differs from managing iptables directly in two main ways:
- Rather than chains and rules, FirewallD uses zones and services.
- It manages rulesets dynamically, so changes can be applied without breaking existing sessions and connections.
Note: FirewallD is a layer on top of iptables that makes it easier to manage; it does not replace iptables, it manages the iptables rules for you. The iptables commands still exist on a FirewallD host, but a system managed by FirewallD should only be changed with FirewallD commands: rules added directly with iptables are not known to FirewallD and are discarded when it reloads or restarts.
Managing and Maintaining FirewallD
FirewallD is installed by default on CentOS 7, although it may not be running. It is managed like any other systemd unit.
Start and enable the FirewallD service.
sudo systemctl start firewalld
sudo systemctl enable firewalld
Stop and disable the FirewallD service.
sudo systemctl stop firewalld
sudo systemctl disable firewalld
To check whether the firewall is running, use the following command; it prints running or not running.
sudo firewall-cmd --state
View the status of the FirewallD daemon
sudo systemctl status firewalld
Reload the FirewallD configuration.
sudo firewall-cmd --reload
Configuration of FirewallD
FirewallD is configured with XML files. You will rarely need to edit them directly, since firewall-cmd writes them for you and is the preferred tool. The configuration lives in two directories:
1. Default configuration shipped with the package, including the predefined services and zones:
/usr/lib/firewalld
2. System-specific configuration. A file here overrides the file of the same name under /usr/lib/firewalld, and this is where firewall-cmd --permanent writes its changes:
/etc/firewalld
Basic Configuration Sets
FirewallD keeps two configuration sets: runtime and permanent. Runtime changes take effect immediately but are lost on reboot or when FirewallD restarts; permanent changes survive reboots but are not applied to the running system until FirewallD is reloaded. By default firewall-cmd acts on the runtime configuration; adding the --permanent flag writes the change to the permanent configuration instead.
There are two ways to add a rule and make it permanent.
Add the rule to both the permanent and runtime sets:
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --add-service=http
Add the rule to the permanent set and reload FirewallD so the permanent set becomes the runtime set:
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --reload
Firewall Zones
Firewall zones are predefined rulesets for different trust levels that you would assign to a particular location or situation, for example home, public, and so on. Each zone allows a different set of network services and incoming traffic types while rejecting everything else. When FirewallD is first enabled, public is the default zone, and any interface not explicitly assigned to a zone is placed in the default zone.
View the default zone
sudo firewall-cmd --get-default-zone
Change the default zone
sudo firewall-cmd --set-default-zone=internal
View the active zones and the network interfaces (or sources) bound to each
sudo firewall-cmd --get-active-zones
Get all configurations for a particular zone
sudo firewall-cmd --zone=public --list-all
Get all configurations for all zones
sudo firewall-cmd --list-all-zones
FirewallD Services
FirewallD can allow traffic based on predefined rules for specific network services, where a service is a named set of ports and protocols such as http or ssh. You can also define your own custom services and add them to any zone.
View all available predefined services
sudo firewall-cmd --get-services
Enable or disable the HTTP service in the public zone (permanent; run sudo firewall-cmd --reload to apply)
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --remove-service=http --permanent
Allowing or Denying an Arbitrary Port/Protocol
For example, allow or deny TCP traffic on port 55001 in the public zone (permanent; reload to apply):
sudo firewall-cmd --zone=public --add-port=55001/tcp --permanent
sudo firewall-cmd --zone=public --remove-port=55001/tcp --permanent
Port Forwarding
For example, forward traffic arriving on port 80 to port 55001 on the same server. This is a runtime rule; add --permanent to keep it across reloads:
sudo firewall-cmd --zone="public" --add-forward-port=port=80:proto=tcp:toport=55001
Before forwarding to another host, enable masquerading in the zone so that forwarded packets leave with this server's address and the replies come back through it:
sudo firewall-cmd --zone=public --add-masquerade
Forward traffic arriving on local port 80 to port 8080 on a remote server at 192.0.2.1 (a documentation address used here as a placeholder; each octet of a real IPv4 address must be between 0 and 255):
sudo firewall-cmd --zone="public" --add-forward-port=port=80:proto=tcp:toport=8080:toaddr=192.0.2.1
Mraj
Creative designer and developer by spirit and a loving blogger by thought. If you have any questions, send me an email with the article name.