How to configure and manage firewalld

November 8, 2024 / How-to Guide

In CentOS 7 environments without cPanel/WHM, Firewalld is the default firewall system. It is an improvement over the older Iptables, offering a more user-friendly interface with easier-to-understand commands.

Firewalld organises rules in layers, making it easier for advanced administrators to manage traffic with fine-tuned configurations. While we won’t dive into the more complex features, we will cover the basics of managing Firewalld.

Follow the steps:

  1. Enabling Firewalld:
    1. To start the Firewalld service, use the following command:
      systemctl start firewalld.service

      By default, this service should be running unless configured otherwise.

  2. Checking Firewalld Status:
    To check the status of Firewalld, you can use either of these commands:

    1. Using systemctl (provides detailed information):
      systemctl status firewalld.service
    2. Using Firewalld’s native command (gives a short answer, running or not running):
      firewall-cmd --state
  3. Reloading Firewalld:
    When you add or change rules, Firewalld must be reloaded to apply them. There are two ways to reload the firewall:

    1. Standard reload:
      firewall-cmd --reload
    2. Complete reload (be cautious as it will stop active connections):
      firewall-cmd --complete-reload

      Use “complete-reload” carefully as it disconnects active sessions temporarily, though it keeps state information such as temporary rules intact. If you have added permanent rules, you will need to reload the firewall so they can take effect.

  4. Opening a Port in Firewalld
    To open a port in the firewall, use the following commands. You can apply these rules temporarily or permanently:

    1. To open port 80/tcp temporarily:
      firewall-cmd --zone=public --add-port=80/tcp
    2. To open port 80/tcp permanently:
      firewall-cmd --permanent --zone=public --add-port=80/tcp

      If you want the rule to persist after a restart of Firewalld or the server, use the --permanent option.
      Always reload the firewall after adding a permanent rule.

  5. Enabling Debugging in Firewalld
    If you are troubleshooting and need more insight into what’s happening with your firewall, you can enable debugging in the Firewalld configuration. The debugging level controls the verbosity of the logs. To enable debugging, edit the “/etc/sysconfig/firewalld” file and add the following to the “FIREWALLD_ARGS” line:

    --debug=[level]

    The debug levels are:
    1: Loading config files, D-Bus method calls
    2: Backend calls, D-Bus introspection, and access checks
    3: Rules added by backends
    4: Transaction steps
    5-9: Unused (no effect)
    10: XML data introspection

    This will help you understand where issues might be occurring with your firewall configuration.
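    As an added example (not part of the original guide), the following POSIX shell script runs steps 2 to 4 above in order: check the state, add a permanent port rule, reload so it takes effect, then verify the result. The FWCMD and ZONE variables and the two functions are my own assumptions so the script can be exercised against a stub; --query-port is a real firewall-cmd option that exits 0 only when the port is open.

```shell
#!/bin/sh
# Added example (not from the guide): steps 2 to 4 of the procedure above as
# one guarded function. FWCMD and ZONE are assumed hooks so the steps can be
# run against a stub; leave them unset to use the real firewall-cmd as root.
FWCMD="${FWCMD:-firewall-cmd}"
ZONE="${ZONE:-public}"

# Accept only "<1-65535>/tcp" or "<1-65535>/udp", so a typo such as "80" or
# "80/tpc" is rejected before it reaches the firewall.
valid_port_spec() {
  port="${1%/*}"
  proto="${1#*/}"
  [ "$port" != "$1" ] || return 1              # no "/" present
  case "$proto" in tcp|udp) ;; *) return 1 ;; esac
  case "$port" in ''|*[!0-9]*) return 1 ;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Step 2: check the state; step 4: add the permanent rule; step 3: reload so
# the permanent rule takes effect; finally verify with --query-port, whose
# exit status is 0 only when the port is open in the runtime configuration.
open_port_permanent() {
  spec="$1"
  valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 2; }
  [ "$("$FWCMD" --state 2>/dev/null)" = "running" ] \
    || { echo "firewalld is not running" >&2; return 3; }
  "$FWCMD" --permanent --zone="$ZONE" --add-port="$spec" >/dev/null || return 4
  "$FWCMD" --reload >/dev/null || return 5
  "$FWCMD" --zone="$ZONE" --query-port="$spec" >/dev/null
}

# Usage: sh open-port.sh 8443/tcp   (no argument: only define the functions)
[ $# -eq 0 ] || open_port_permanent "$1"
```

Run it as root on the CentOS 7 host; a non-zero exit code tells you which step failed (2: bad spec, 3: firewalld not running, 4: add failed, 5: reload failed, 1: port not open after reload).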

And that is it! We hope you found this article helpful. If you have any questions or run into issues, don’t hesitate to contact our support team.
