Firewalld Quickstart Guide

Last Updated: Mon, Apr 13, 2020
Quickstart Guides Security System Admin

Firewalld is the default software firewall for CentOS 7 and other modern distributions based on Red Hat or SUSE Linux. This quickstart guide outlines several useful commands and techniques to assist debugging Firewalld.

Verify firewalld is active

$ firewall-cmd --state
running

Check the zones assigned to active interfaces

$ firewall-cmd --get-active-zones
public
    interfaces: ens3

Check which ports and services are allowed

Assuming your active zone is public, this quick check reveals what traffic is allowed.

$ firewall-cmd --zone=public --list-ports
7000-8000/tcp

$ firewall-cmd --zone=public --list-services
cockpit dhcpv6-client ssh

Example: Allow SSH

Assuming your active zone is public, use either of these two methods to allow SSH.

$ firewall-cmd --zone=public --add-service=ssh

or

# firewall-cmd --add-port=22/tcp

Panic Mode

Drop All Packets

As root, use the --panic-on switch.

# firewall-cmd --panic-on

All packets will be dropped. Active connections will be terminated after a period of inactivity.

Panic Mode Off

As root, use the --panic-off switch.

# firewall-cmd --panic-off

Check Panic Mode Status

firewall-cmd --query-panic && echo "enabled" || echo "Not enabled"

Permanent vs. Temporary Configuration

Temporary changes cause a common issue; the server works as expected until the next reboot. Make sure you permanently save your configuration.

To make a command permanent, add the --permanent option to all commands except --direct commands (which are temporary by nature). Setting made with the --permanent option do not take effect until the next firewall reload, service restart, or system reboot. Settings made without the --permanent option take effect immediately, but are only valid until the next firewall reload, system boot, or service restart.

Disable firewalld

As root, mask and disable the service.

# systemctl mask --now firewalld.service
# systemctl disable --now firewalld.service

For more information

Want to contribute?

You could earn up to $300 by adding new articles