Enable Firewall and Disable Firewall on CentOS7

How to Enable the Firewall and How to Disable the Firewall on CentOS 7.5

Firewalld is the default firewall program on CentOS 7.5. It is a command line program which is used to configure the firewall of CentOS 7.5. It is very easy to use. Firewalld is available in Ubuntu/Debian, RHEL 7, CentOS 7, Fedora and many more Linux distributions.

In this article, I will show you how to enable Firewalld, how to disable Firewalld, and how to use Firewalld on CentOS 7.5. Let’s get started.

Installing Firewalld

Firewalld should be installed by default on CentOS 7.5. If for any reason it is not installed on your CentOS 7.5 operating system, you can easily install it from the official package repository of CentOS 7.5. First update the yum package repository cache with the following command:

$ sudo yum makecache

The yum package repository cache should be updated.

Now install Firewalld with the following command:

$ sudo yum install firewalld

Press y and then press <Enter> to continue.

Firewalld should be installed.

Checking Whether Firewalld is Enabled

If Firewalld is enabled, it will start when your computer boots.

You can run the following command to check whether Firewalld is enabled:

$ sudo systemctl is-enabled firewalld

Adding Firewalld to the System Startup

If Firewalld is not enabled to start on system boot, you can run the following command to add it to the system startup. That way it will start when your computer boots.

$ sudo systemctl enable firewalld

Firewalld should be added to the system startup.

Removing Firewalld from the System Startup

If you don’t want Firewalld to start when your computer boots, that is, you want to disable Firewalld, then run the following command:

$ sudo systemctl disable firewalld

Firewalld should be removed from your system startup. This does not stop a Firewalld instance that is already running.

Checking Whether Firewalld is Running

You can check whether Firewalld is running with the following command:

$ sudo systemctl status firewalld

If Firewalld is running, the output shows Active: active (running).

Starting Firewalld Service

If Firewalld is not running, then you can start Firewalld with the following command:

$ sudo systemctl start firewalld

Stopping Firewalld Service

If Firewalld is running, and you want to stop it, run the following command:

$ sudo systemctl stop firewalld

Using Firewalld

Firewalld has a command line utility firewall-cmd that you can use to configure the Firewalld firewall program.

Listing the Current Firewalld Configuration:

You can run the following command to list the current or active Firewalld configuration:

$ sudo firewall-cmd --list-all

The currently active Firewalld configuration should be listed.

Modifying Firewalld Configuration Permanently and Temporarily:

If you want a change to persist across reboots, add the --permanent flag to every firewall-cmd configuration command. A change made with --permanent is written to the saved configuration and takes effect once the configuration is reloaded.

If you only want to test something, you may leave out the --permanent flag. In that case the change applies to the running firewall immediately and is reverted when Firewalld is reloaded or the computer is restarted.

Adding Services:

You can let other computers on your network connect to specific services on your computer by adding these services to Firewalld.

For example, if you want other computers on your network to access the web server or HTTP service on your computer, you can add it to the Firewalld configuration as follows:

$ sudo firewall-cmd --add-service=http --permanent

NOTE: Here, http is the service name.

The http service should be added.

You can find all the available services if you run the following command:

$ ls /usr/lib/firewalld/services

All the predefined services are listed.

NOTE: You can copy one of the XML service files and create your own custom services.

Removing Services:

If you want to remove a service from the Firewalld configuration that is already added, let’s say, the http service, then you can run the following command:

$ sudo firewall-cmd --remove-service=http --permanent

NOTE: Here http is the service name.

The http service should be removed.

Adding Ports to Firewalld:

If the program you want to allow access to doesn’t have a predefined service in Firewalld, but you know the port the program is running on, you can add the port to Firewalld without creating a service XML file (in the /usr/lib/firewalld/services directory).

For example, if you want to add the TCP port 80 to Firewalld, run the following command:

$ sudo firewall-cmd --add-port=80/tcp --permanent

If you want to add UDP port 80, then run the following command:

$ sudo firewall-cmd --add-port=80/udp --permanent

The port should be added.

You can also add a range of ports, let’s say TCP ports 8000-8100, with the following command:

$ sudo firewall-cmd --add-port=8000-8100/tcp --permanent

The ports should be added.

Removing Ports from Firewalld:

You can remove a TCP port, let’s say port 80 from Firewalld with the following command:

$ sudo firewall-cmd --remove-port=80/tcp --permanent

For UDP port 80, run the following command:

$ sudo firewall-cmd --remove-port=80/udp --permanent

For a range of TCP ports, let’s say 8000-8100, run the following command:

$ sudo firewall-cmd --remove-port=8000-8100/tcp --permanent

Reload Firewalld Configuration:

Once you’re done configuring Firewalld, you must run the following command to reload the new configuration:

$ sudo firewall-cmd --reload
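
Because --permanent changes wait for a reload and changes without it disappear on reload, the running firewall and the saved configuration can disagree. The following is an added example (not part of the original article) that compares the output of firewall-cmd --list-all with firewall-cmd --permanent --list-all and reports every service or port present in only one of them; the function names fw_items and fw_drift and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: find differences between runtime and permanent firewalld settings.
# Both samples are constructed. On a real host, capture the text with:
#   runtime=$(sudo firewall-cmd --list-all)
#   permanent=$(sudo firewall-cmd --permanent --list-all)

RUNTIME_SAMPLE='public (active)
  target: default
  interfaces: eth0
  services: ssh dhcpv6-client
  ports: 8080/tcp
  rich rules: '

PERMANENT_SAMPLE='public
  target: default
  interfaces: 
  services: ssh dhcpv6-client http
  ports: 
  rich rules: '

# fw_items TEXT KEY: print the entries of the "services:" or "ports:" line,
# one per line, sorted. The exact match on the first field skips
# "source-ports:" and "forward-ports:".
fw_items() {
    printf '%s\n' "$1" |
        awk -v key="$2:" '$1 == key { for (i = 2; i <= NF; i++) print $i }' |
        sort -u
}

# fw_drift RUNTIME PERMANENT: print one line per entry found on one side only.
fw_drift() {
    for key in services ports; do
        rt=$(fw_items "$1" "$key")
        pm=$(fw_items "$2" "$key")
        for item in $rt; do
            printf '%s\n' "$pm" | grep -qxF -- "$item" ||
                echo "runtime-only $key $item (lost on reload or reboot)"
        done
        for item in $pm; do
            printf '%s\n' "$rt" | grep -qxF -- "$item" ||
                echo "permanent-only $key $item (not active until reload)"
        done
    done
}

fw_drift "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE"
```

An empty result means the running firewall matches what will be loaded at the next reload or boot.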

That’s how you install, enable and disable, use Firewalld on CentOS 7.5. Thanks for reading this article.

About the author

Shahriar Shovon

Freelancer & Linux System Administrator. Also loves Web API development with Node.js and JavaScript. I was born in Bangladesh. I am currently studying Electronics and Communication Engineering at Khulna University of Engineering & Technology (KUET), one of the demanding public engineering universities of Bangladesh.