
How to install firewalld on CentOS

In this tutorial, we will explain how to install firewalld on CentOS.

firewalld is a firewall management tool for Linux operating systems. It provides firewall features by acting as a front-end for the Linux kernel's Netfilter framework via the iptables command, acting as an alternative to the iptables service. The name firewalld adheres to the Unix convention of naming system daemons by appending the letter "d".

info

This tutorial is now older than 2 years and may contain outdated information. There might be inaccuracies due to major changes in the software described. You should rather consider this tutorial as a general guideline that may or may not work in your specific situation.

Prerequisites

In order to follow along this tutorial, you'll need

Step 1 – Install Firewalld

Firewalld is available in the default CentOS repositories. If you are connected to your server as a non-root user, you need to prefix the commands in this tutorial with sudo, as shown, to run them with elevated privileges. You can install firewalld by running the following command:

sudo yum install firewalld

In order to actually start the firewalld service, you need to run:

sudo systemctl start firewalld

By default, starting the firewalld service will not enable it for auto-start when your server starts. To enable firewalld for auto-start run:

sudo systemctl enable firewalld

In order to check the status of firewalld, you can run:

sudo systemctl status firewalld

Step 2 – Add services

In order to allow public access to a service (e.g. your webserver), you need to add it to the firewalld configuration. You can do this by using the following command:

sudo firewall-cmd --add-service=http --permanent

warning

If you are configuring your firewall via SSH, it might happen that you accidentally lock yourself out. Please double-check all firewall settings before actually applying them. If you lock yourself out, you may have to use a VNC console to fix the settings because your access to your SSH service might be blocked afterward. You can learn more about the VPS2day VNC console here.

In this example, we'll permanently allow public internet access to our http service.

To remove that service again, you can run the following command:

sudo firewall-cmd --remove-service=http --permanent

To see a list of all available pre-configured services that ship with firewalld, you can run the following command:

ls /usr/lib/firewalld/services

Step 3 – Add ports

Instead of allowing access to pre-defined services, you can also allow access to certain ports. This is useful if you want to allow access to a service that is not pre-configured in firewalld. You can do this by using the following command:

sudo firewall-cmd --add-port=8080/tcp --permanent

And to remove the port again, you can run:

sudo firewall-cmd --remove-port=8080/tcp --permanent

If you want to allow access to a UDP port instead of a TCP port, you can just replace tcp with udp in the above commands.

Step 4 – Configuration

To further configure firewalld, you need to use this command:

sudo firewall-cmd

With this command you can, for example, list all firewall rules that are currently applied on your server:

sudo firewall-cmd --list-all
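
The commands in Steps 2 and 3 use --permanent, which only writes the stored configuration; the running firewall picks the change up after `sudo firewall-cmd --reload` (or a service restart), and `--list-all` without --permanent shows the running rules. The script below is an added example, not part of the original tutorial: it lists what a reload would open or close in the default zone and refuses to reload if SSH would be cut off. The function names are hypothetical, and it assumes SSH is allowed through the ssh service or port 22/tcp (rich rules are not inspected).

```shell
#!/bin/sh
# Added example: preview permanent-vs-runtime differences before reloading firewalld.

# diff_rules RUNTIME PERMANENT
# Arguments are space-separated lists as printed by
# `firewall-cmd --list-services` or `firewall-cmd --list-ports`.
# Prints "+item" for entries a reload would open, "-item" for entries it would close.
diff_rules() {
    for item in $2; do
        case " $1 " in *" $item "*) ;; *) printf '%s\n' "+$item" ;; esac
    done
    for item in $1; do
        case " $2 " in *" $item "*) ;; *) printf '%s\n' "-$item" ;; esac
    done
}

# safe_to_reload PERMANENT_SERVICES PERMANENT_PORTS
# Succeeds only if the permanent rules still allow SSH
# (assumption: SSH uses the ssh service definition or port 22/tcp).
safe_to_reload() {
    case " $1 " in *" ssh "*) return 0 ;; esac
    case " $2 " in *" 22/tcp "*) return 0 ;; esac
    return 1
}

# preflight: query firewalld, show pending changes, reload only if SSH survives.
preflight() {
    rt_s=$(firewall-cmd --list-services)
    pm_s=$(firewall-cmd --permanent --list-services)
    rt_p=$(firewall-cmd --list-ports)
    pm_p=$(firewall-cmd --permanent --list-ports)
    echo "Changes a reload would apply to the default zone:"
    diff_rules "$rt_s $rt_p" "$pm_s $pm_p"
    if safe_to_reload "$pm_s" "$pm_p"; then
        firewall-cmd --reload
    else
        echo "ssh is missing from the permanent rules; not reloading" >&2
        return 1
    fi
}

# Touch the live firewall only when asked to: sudo sh preflight.sh --apply
if [ "${1:-}" = "--apply" ]; then
    preflight
fi
```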