Using firewall-cmd in CentOS 7

Note: Do note that the default zone is “public”

Section 1: Checking Zones and Prerequisites

Option 1: Check State of Firewalld

# firewall-cmd --state

Option 2: Check Default Zone

# firewall-cmd --get-default-zone

Option 3: Check Active Zones

# firewall-cmd --get-active-zones
public: etho eth1

Option 4: Get Zones

# firewall-cmd --get-zones
block dmz drop external home internal public trusted work

Section 2: Selecting Zones for your Interfaces

Option 1: Change Interfaces

# firewall-cmd --permanent --zone=trusted --change-interface=eth0 
# firewall-cmd --reload

Option 2: Verify the Zone has been changed

firewall-cmd --get-active-zones
interfaces: eth0
interfaces: eth1

Section 3: Editing Firewall-CMD Rules

Option 1: Opening Ports (Single)

# firewall-cmd --permanent --zone=public --add-port=80/tcp
# firewall-cmd --reload

Option 2: Opening Ports (Range)

# firewall-cmd --permanent --zone=public --add-port=80-90/tcp
# firewall-cmd --reload

Option 3: List Ports

#  firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp6s0f0 eno2 ib1
  services: ssh dhcpv6-client
  ports: 22/tcp 5053/tcp 57889/tcp
  masquerade: no
  rich rules:

Option 4: Remove Port

# firewall-cmd --permanent --zone=public --remove-port=80/tcp
# firewall-cmd --reload

Option 5: Adding Service

Checking Services

# firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kibana klogin kpasswd kshell ldap ldaps libvirt libvirt-tls managesieve mdns mosh mountd ms-wbt mssql mysql nfs nfs3 nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius rpc-bind rsh rsyncd samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server

Finally, Add Service

# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --reload


  1. How To Set Up a Firewall Using FirewallD on CentOS 7

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.