How to Configure and Manage Firewall on CentOS 8 / RHEL 8

Written by Admin, Updated On January 11, 2020
centos, firewall, firewalld, security

A firewall protects your system by filtering out unwanted network traffic. With a firewall you set up rules that determine whether traffic is allowed or blocked. CentOS 8 ships with FirewallD, a dynamic and customizable firewall with a D-Bus interface: you can add, delete, or update firewall rules without restarting the firewall daemon. This article explains how to configure and manage the firewall on your CentOS 8 system.

Prerequisites

You must be logged in as root or as a user with sudo privileges to configure the firewall on your CentOS system.

Basic Concepts in FirewallD

FirewallD uses the concepts of services and zones instead of raw iptables rules and chains. With them you configure which traffic should be allowed or disallowed to and from the system. FirewallD is managed with the firewall-cmd utility.

FirewallD Zones

Zones are sets of rules that specify what traffic should be allowed, depending on the level of trust you have in the networks your computer is connected to. You can assign network interfaces and sources to a zone.

The following predefined zones are included in FirewallD, ordered from least trusted to most trusted:

  • drop: All incoming connections are dropped without any reply; only outgoing connections are allowed. This is the lowest level of trust.
  • block: Same as drop, except that incoming connections are rejected with an icmp-host-prohibited (IPv4) or icmp6-adm-prohibited (IPv6) message. Only outgoing connections are allowed.
  • public: Represents untrusted public areas. You do not trust the other computers on the network, but may allow selected incoming connections.
  • external: For external networks when the firewall is used as your gateway. It is configured for NAT masquerading so that your internal network remains private but reachable.
  • internal: For computers in your internal network; only selected incoming connections are accepted.
  • dmz: A demilitarized zone: publicly accessible, with limited access to the internal network. Only selected incoming connections are accepted.
  • work: Used for work machines. Most of the computers on the network are trusted, so a few more services may be allowed.
  • home: Used for home machines. The other computers on the network are generally trusted; only selected incoming connections are allowed.
  • trusted: All network connections are accepted. All computers on the network are trusted.

Firewall Services

FirewallD services are XML configuration files with predefined rules that apply within a zone and define the settings needed to allow incoming traffic for a specific service. The XML files are stored in the /usr/lib/firewalld/services/ (package defaults) and /etc/firewalld/services/ (local definitions, which take precedence) directories.

Installing and Enabling FirewallD

FirewallD is installed by default on CentOS 8. If it is not on your system, install the package by running:

sudo yum install firewalld

The firewalld service is enabled by default. You can check the firewall status with:

sudo firewall-cmd --state

If you have just installed it, or it has never been activated, this prints not running; otherwise it prints running.

You can start the FirewallD service and enable it at boot by typing:

sudo systemctl start firewalld
sudo systemctl enable firewalld

Configure Your Firewall with FirewallD

By default, once the FirewallD service is enabled, public is the default zone. You can print the name of the default zone by typing:

sudo firewall-cmd --get-default-zone

To list all available zones, run:

sudo firewall-cmd --get-zones

All network interfaces are assigned to the default zone. To check which zones are in use by your network interface(s), type:

sudo firewall-cmd --get-active-zones

You can print the configuration of the default zone with the --list-all flag (add --zone=NAME to inspect another zone); the output looks like this:

public (active)
target: default
icmp-block-inversion: no
interfaces: eth0 eth1
sources:
services: ssh dhcpv6-client
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
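A zone listing like the one above is also what you should compare against on a schedule, so that a service or port someone opened "temporarily" does not stay open unnoticed. The script below is an added example, not code from the article or from the firewalld project: it parses the listing format shown above from standard input and reports every service or port that is not on an allowlist, returning a non-zero status so it can gate a deployment or run from cron. The sample listing is constructed from the article's own output; in practice you would pipe in firewall-cmd --zone=public --list-all.

```shell
#!/bin/sh
# Added example: audit a firewalld zone listing against an allowlist.
# Usage on a live system (hypothetical): firewall-cmd --zone=public --list-all | sh audit.sh

# Constructed sample: the public zone listing from the article, indented as
# firewall-cmd --list-all prints it.
SAMPLE_LISTING='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0 eth1
  sources:
  services: ssh dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# Print the space-separated value of one field ("services", "ports", ...)
# from a zone listing read on stdin. The anchored match keeps "ports:" from
# also matching "forward-ports:" or "source-ports:". Empty output means
# nothing is set for that field.
zone_field() {
    field="$1"
    sed -n "s/^[[:space:]]*${field}:[[:space:]]*//p"
}

# Read a listing on stdin and report every service or port that is not in
# the allowlists given as $1 (services) and $2 (ports, e.g. "8080/tcp").
# Returns 1 when something unexpected is open, 0 when the zone matches.
audit_zone() {
    allowed_services="$1"
    allowed_ports="$2"
    listing=$(cat)
    status=0
    for svc in $(printf '%s\n' "$listing" | zone_field services); do
        case " $allowed_services " in
            *" $svc "*) ;;                       # on the allowlist
            *) echo "unexpected service: $svc"; status=1 ;;
        esac
    done
    for port in $(printf '%s\n' "$listing" | zone_field ports); do
        case " $allowed_ports " in
            *" $port "*) ;;
            *) echo "unexpected port: $port"; status=1 ;;
        esac
    done
    return $status
}

# Demonstration on the constructed sample: the listing opens only ssh and
# dhcpv6-client, so the first check passes; tightening the allowlist to ssh
# alone reports dhcpv6-client as unexpected.
printf '%s\n' "$SAMPLE_LISTING" | audit_zone "ssh dhcpv6-client" "" \
    && echo "public zone matches allowlist"
printf '%s\n' "$SAMPLE_LISTING" | audit_zone "ssh" "" \
    || echo "public zone drifted from allowlist"
```

Because --list-all shows the running configuration, this catches runtime-only changes that were never made --permanent; run it a second time with --permanent appended to the firewall-cmd call to audit what survives a reload.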

Change the Default Zone

To change the default zone, use the --set-default-zone flag followed by the name of the zone you want to make the default. For example, to change the default zone to home, run:

sudo firewall-cmd --set-default-zone=home

Verify the changes with:

sudo firewall-cmd --get-default-zone

FirewallD Rules for HTTP and HTTPS

To add permanent service rules for HTTP and HTTPS to the dmz zone, run:

sudo firewall-cmd --zone=dmz --add-service=http --permanent
sudo firewall-cmd --zone=dmz --add-service=https --permanent

Rules added with --permanent are written to the saved configuration but do not take effect in the running firewall until FirewallD is reloaded with the --reload flag.

Conclusion

You have learned how to configure and manage the FirewallD service on your CentOS 8 system. Make sure every incoming connection your services need is allowed so that they work properly.

If you have questions or suggestions, please feel free to leave a comment below.
