Firewalld Configuration on CentOS RHEL Guide


Introduction to Firewalld

When it comes to securing a Linux server, few tools are as central as FirewallD. If you are running CentOS or RHEL, mastering firewalld configuration is not optional, it is essential. Firewall rules can look intimidating at first, but once you break them down, configuring FirewallD is more straightforward than you might think. More admins and beginners are looking for ways to lock down their systems quickly without getting lost in complex rules. This article walks you through the basics, from installation to real use cases, so that by the end you can handle your own setup without relying on guesswork.

What is FirewallD

FirewallD is a firewall management tool that uses zones and services to simplify security. Unlike older tools such as iptables, it comes with a dynamic approach that lets you apply changes instantly without restarting the service. This means less downtime and more flexibility.

Why Use FirewallD on CentOS or RHEL

Simplicity

FirewallD is much easier to configure than raw iptables. Commands are more human-readable, and you get predefined zones and services.

Dynamic updates

Ever noticed how annoying it is to restart a service for a small tweak? With FirewallD, rules are applied immediately without dropping connections.

Zone-based rules

You can set different security rules for different network interfaces. For example, you might want strict rules for a public network and looser rules for internal ones.

Installing FirewallD

Before you can configure FirewallD, make sure it is installed. On most CentOS or RHEL systems, FirewallD comes pre-installed. If not, run:

yum install firewalld -y
systemctl start firewalld
systemctl enable firewalld

This ensures the service is active and will start automatically after reboot.

Understanding Zones in FirewallD

Zones are at the heart of firewalld configuration. Each zone defines a trust level for your connections. For example:

  • Public zone is for untrusted networks

  • Home zone is for private networks

  • Internal zone is for trusted internal communications

Assigning interfaces to zones helps you apply the right level of control without writing dozens of custom rules.

Basic FirewallD Commands

Here are some commands you will use often:

firewall-cmd --state
firewall-cmd --get-active-zones
firewall-cmd --zone=public --list-all

These commands help you check the status, see which zones are active, and list current rules.

Adding Services to Zones

Example adding HTTP

To allow web traffic, run:

firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --reload

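This enables HTTP in the public zone permanently. The --permanent flag writes the rule to the saved configuration only; the reload loads it into the running firewall so the change takes effect.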

Example adding SSH

Allowing SSH is just as simple:

firewall-cmd --zone=public --add-service=ssh --permanent
firewall-cmd --reload

Adding Ports to Zones

Sometimes, you need to open specific ports. For example, to allow port 8080:

firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --reload

Managing Rich Rules

Rich rules give you more control. For example, to allow traffic only from a specific IP:

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.100" accept'
firewall-cmd --reload

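This lets you fine-tune firewalld configuration without going full manual with iptables. Note that this rule accepts everything from 192.168.1.100 and does not by itself block other sources: services and ports already open in the zone remain reachable from any address.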

Checking Your Configuration

Always verify your changes:

firewall-cmd --zone=public --list-all

This shows all allowed services, ports, and rules in your chosen zone.

Tips for Beginners

  • Always test new rules before making them permanent

  • Keep SSH access enabled to avoid locking yourself out

  • Use zones wisely to segment your network traffic
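
The check from "Checking Your Configuration", extended to cover the first two tips, as an added example that is not part of the original article: it compares the runtime and permanent views of a zone, reports rules that exist in only one of them, and confirms ssh is in the saved configuration. The sample output is constructed, and the function names zone_drift and has_service are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article): report firewalld rules that
# exist only at runtime or only in the permanent configuration.

# zone_drift RUNTIME_TEXT PERMANENT_TEXT
# Both arguments are `firewall-cmd --zone=ZONE --list-all` output, the second
# one taken with --permanent. Only the services and ports lines are compared.
zone_drift() {
  { printf '%s\n' "$1"; echo '@@permanent@@'; printf '%s\n' "$2"; } |
  awk '
    BEGIN { side = "runtime" }
    $0 == "@@permanent@@" { side = "permanent"; next }
    /^[ \t]*(services|ports):/ {
      field = $1; sub(/:$/, "", field)
      for (i = 2; i <= NF; i++) { k = field " " $i; keys[k] = 1; seen[k, side] = 1 }
    }
    END {
      for (k in keys) {
        if (seen[k, "runtime"] && !seen[k, "permanent"]) print "runtime-only " k
        if (seen[k, "permanent"] && !seen[k, "runtime"]) print "permanent-only " k
      }
    }' | sort
}

# has_service LIST_ALL_TEXT NAME: succeed if NAME is on the services line.
# Access granted through a raw port or a rich rule is not detected here.
has_service() {
  printf '%s\n' "$1" | awk -v s="$2" '
    /^[ \t]*services:/ { for (i = 2; i <= NF; i++) if ($i == s) found = 1 }
    END { exit !found }'
}

# Constructed sample output: 8080/tcp was added without --permanent, and
# http was added with --permanent but no reload has happened yet.
RUNTIME_SAMPLE='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 8080/tcp'
PERMANENT_SAMPLE='public
  target: default
  services: dhcpv6-client http ssh
  ports:'

# On a live host, pass "$(firewall-cmd --zone=public --list-all)" and
# "$(firewall-cmd --permanent --zone=public --list-all)" instead.
zone_drift "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE"
has_service "$PERMANENT_SAMPLE" ssh || echo "WARNING: ssh missing from permanent config"
```

A runtime-only line marks a rule that disappears at the next reload or reboot; once it has been tested, rerun the command with --permanent or save the running state with `firewall-cmd --runtime-to-permanent`. A permanent-only line marks a saved rule that is not active until `firewall-cmd --reload`.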

Conclusion

FirewallD is one of those tools that looks harder than it really is. With just a handful of commands, you can lock down your CentOS or RHEL system and feel confident about your setup. The beauty of firewalld configuration is that it grows with you. Start with basic services and ports, then move into zones and rich rules as you get comfortable. Whether you are running a small VPS or managing multiple servers, learning FirewallD will save you headaches and give your system the protection it deserves.
