Set up Firewalld on Centos 7
Setting up FirewallD on CentOS 7 is a relatively easy and straightforward process. FirewallD is a firewall management tool that CentOS 7 servers offer by default. It provides a dynamic managed firewall with support for network/firewall zones.
How to set up FirewallD on CentOS 7
Here we show you how to set up FirewallD on CentOS 7 if you’re running a web server, SSH on port 7022 and mail server. FirewallD uses services and zones instead of iptables rules and chains. FirewallD services are xml configuration files with information of a service entry. xml configuration files are stored in the /usr/lib/firewalld/services/ and /etc/firewalld/services/ directories.
- Change the default zone:
Run # firewall-cmd –get-zones to list all the available zones
Run # firewall-cmd –get-default-zone to list the default zone
Change the default zone by entering # firewall-cmd –set-default-zone=dmz
- Add permanent service rules for HTTP and HTTPS to the dmz zone
Run # firewall-cmd –get-services to list all available services.
Enter # firewall-cmd –zone=dmz –add-service=http –permanent
and # firewall-cmd –zone=dmz –add-service=https –permanent
- Open port 25 (SMTP) and port 465 (SMTPS)
# firewall-cmd –zone=dmz –add-service=smtp –permanent
# firewall-cmd –zone=dmz –add-service=smtps –permanent
- Open, IMAP, IMAPS, POP3 and POP3S ports:
# firewall-cmd –zone=dmz –add-service=imap –permanent
# firewall-cmd –zone=dmz –add-service=imaps –permanent
# firewall-cmd –zone=dmz –add-service=pop3 –permanent
# firewall-cmd –zone=dmz –add-service=pop3s –permanent
- Since the SSH port is changed to 7022, you need to remove the SSH service (port 22) and open port 7022:
# firewall-cmd –remove-service=ssh –permanent
# firewall-cmd –add-port=7022/tcp –permanent
- Reload the firewall to implement your changes:
# firewall-cmd –reload
- List your firewall rules:
# firewall-cmd –list-all
Protect your server with FirewallD
When you set up FirewallD on CentOS 7, you are ensuring a higher safety level for your server. FirewallD features graphical configuration tool (firewall-config) and command line tool (firewall-cmd). For more advice or assistance setting up FirewallD on CentOS 7, contact HOSTAFRICA today.