Set up FirewallD on CentOS 7
Setting up FirewallD on CentOS 7 is a relatively easy and straightforward process. FirewallD is the firewall management tool that CentOS 7 servers offer by default. It provides a dynamically managed firewall with support for network/firewall zones.
How to set up FirewallD on CentOS 7
Here we show you how to set up FirewallD on CentOS 7 if you’re running a web server, SSH on port 7022 and a mail server. FirewallD uses services and zones instead of iptables rules and chains. FirewallD services are XML configuration files, each describing one service entry. These XML files are stored in the /usr/lib/firewalld/services/ and /etc/firewalld/services/ directories.
- Change the default zone:
Run # firewall-cmd --get-zones to list all the available zones
Run # firewall-cmd --get-default-zone to list the default zone
Change the default zone by entering # firewall-cmd --set-default-zone=dmz
- Add permanent service rules for HTTP and HTTPS to the dmz zone
Run # firewall-cmd --get-services to list all available services.
Enter # firewall-cmd --zone=dmz --add-service=http --permanent
and # firewall-cmd --zone=dmz --add-service=https --permanent
- Open port 25 (SMTP) and port 465 (SMTPS)
# firewall-cmd --zone=dmz --add-service=smtp --permanent
# firewall-cmd --zone=dmz --add-service=smtps --permanent
- Open the IMAP, IMAPS, POP3 and POP3S ports:
# firewall-cmd --zone=dmz --add-service=imap --permanent
# firewall-cmd --zone=dmz --add-service=imaps --permanent
# firewall-cmd --zone=dmz --add-service=pop3 --permanent
# firewall-cmd --zone=dmz --add-service=pop3s --permanent
- Since the SSH port is changed to 7022, you need to remove the SSH service (port 22) and open port 7022:
# firewall-cmd --remove-service=ssh --permanent
# firewall-cmd --add-port=7022/tcp --permanent
- Reload the firewall to implement your changes:
# firewall-cmd --reload
- List your firewall rules:
# firewall-cmd --list-all
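To confirm the result of the steps above, the following script compares a zone listing with the intended allow-list and flags anything extra (such as a leftover ssh service) or missing. It is an added example, not part of the original tutorial; the function names and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: compare a zone's exposed services/ports with the allow-list
# from the steps above. Feed it `firewall-cmd --zone=dmz --list-all` on stdin.

EXPECTED_SERVICES="http https imap imaps pop3 pop3s smtp smtps"
EXPECTED_PORTS="7022/tcp"   # SSH moved off port 22

# Print the value of one field ("services" or "ports") from --list-all output.
zone_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Print every item of list $1 that does not appear in list $2.
not_in() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;
            *) printf '%s ' "$item" ;;
        esac
    done
}

# Return 0 only if the zone exposes exactly the expected services and ports.
audit_zone() {
    az_out=$(cat)
    az_services=$(printf '%s\n' "$az_out" | zone_field services)
    az_ports=$(printf '%s\n' "$az_out" | zone_field ports)
    az_extra="$(not_in "$az_services" "$EXPECTED_SERVICES")$(not_in "$az_ports" "$EXPECTED_PORTS")"
    az_missing="$(not_in "$EXPECTED_SERVICES" "$az_services")$(not_in "$EXPECTED_PORTS" "$az_ports")"
    az_rc=0
    if [ -n "$az_extra" ]; then echo "UNEXPECTED: $az_extra"; az_rc=1; fi
    if [ -n "$az_missing" ]; then echo "MISSING: $az_missing"; az_rc=1; fi
    return "$az_rc"
}

# Constructed sample of the listing after the steps above (not captured output).
SAMPLE='dmz (active)
  target: default
  interfaces: eth0
  sources: 
  services: http https imap imaps pop3 pop3s smtp smtps
  ports: 7022/tcp
  forward-ports: 
  source-ports: 
  rich rules: '

printf '%s\n' "$SAMPLE" | audit_zone && echo "dmz zone matches the allow-list"
```

On the server, load the functions and run # firewall-cmd --zone=dmz --list-all | audit_zone; a non-zero exit status means the zone exposes something other than the intended set.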
Protect your server with FirewallD
When you set up FirewallD on CentOS 7, you are ensuring a higher safety level for your server. FirewallD features a graphical configuration tool (firewall-config) and a command-line tool (firewall-cmd). For more advice or assistance setting up FirewallD on CentOS 7, contact HOSTAFRICA today.