As cybersecurity threats continue to evolve, having a robust firewall setup is no longer a luxury but a necessity. Firewalls act as the first line of defense, filtering network traffic to protect your system from malicious attacks. In Linux systems, FirewallD has emerged as a popular firewall management solution, superseding iptables due to its flexibility and user-friendly nature.
This tutorial focuses on configuring FirewallD on CentOS 9/8 and RHEL 9/8. It serves as a comprehensive guide, walking you through the installation process, understanding FirewallD zones, setting up firewall rules, managing ports, creating custom zones, and viewing firewall settings.
Prerequisites
Before you begin, ensure that you have:
- A system running CentOS 9/8 or RHEL 9/8
- Root or sudo user access
Step 1: Installation
First, let’s install FirewallD. If it’s not already installed, you can add it using the yum package manager:
sudo yum install firewalld -y
Step 2: Enable and Start FirewallD
Next, enable FirewallD to start on boot, and then start the service:
sudo systemctl enable firewalld
sudo systemctl start firewalld
To confirm that FirewallD is running, you can use:
sudo systemctl status firewalld
Step 3: Understanding FirewallD Zones
FirewallD uses ‘zones’ to manage rules. Each zone represents a level of trust and is associated with a specific network interface or IP address range. The default zones from least trusted to most trusted are: drop, block, public, external, dmz, work, home, and trusted.
To list all available zones, use:
firewall-cmd --get-zones
To get the default zone, use:
firewall-cmd --get-default-zone
Step 4: Configuring Firewall Rules
To add a service (like HTTP) to a zone, use:
sudo firewall-cmd --zone=public --add-service=http --permanent
Note that --permanent makes the change survive reboots by writing it to the saved configuration rather than to the running firewall. Without this flag, the rule will only last until the next reboot or service restart.
Reload the firewall for the changes to take effect:
sudo firewall-cmd --reload
Step 5: Opening and Closing Ports
To open a specific port, use:
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
sudo firewall-cmd --reload
To close the port, use:
sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent
sudo firewall-cmd --reload
Step 6: Creating Custom Zones
You can create custom zones for more granular control. For example:
sudo firewall-cmd --permanent --new-zone=customzone
Add an interface to your new zone:
sudo firewall-cmd --permanent --zone=customzone --add-interface=eth1
Don’t forget to reload the firewall:
sudo firewall-cmd --reload
Step 7: Viewing Firewall Settings
To view all settings for a zone, use:
sudo firewall-cmd --zone=public --list-all
And that’s it! You’ve now set up and configured FirewallD on CentOS 9/8 or RHEL 9/8. Remember, always check and test your rules to ensure they are working as expected.
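Because --permanent rules only become active after a reload, and rules added without it are not saved, the running firewall and the saved configuration can drift apart. The script below is an added example, not part of the original tutorial: it compares the two for ports and services in one zone. The function names drift and audit_zone and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare FirewallD runtime rules with the permanent configuration.

# drift RUNTIME PERMANENT
# Each argument is a space-separated list as printed by
# `firewall-cmd --list-ports` or `firewall-cmd --list-services`.
# Prints "runtime-only:ITEM" for entries that a reload or reboot will drop
# and "permanent-only:ITEM" for entries saved but not active until a reload.
drift() {
    d_runtime=" $1 "
    d_permanent=" $2 "
    for d_item in $1; do
        case "$d_permanent" in
            *" $d_item "*) ;;
            *) echo "runtime-only:$d_item" ;;
        esac
    done
    for d_item in $2; do
        case "$d_runtime" in
            *" $d_item "*) ;;
            *) echo "permanent-only:$d_item" ;;
        esac
    done
}

# audit_zone ZONE: run the comparison against a live firewalld (needs root).
audit_zone() {
    for a_kind in ports services; do
        drift "$(firewall-cmd --zone="$1" --list-"$a_kind")" \
              "$(firewall-cmd --permanent --zone="$1" --list-"$a_kind")"
    done
}

# Constructed sample lists, used when firewalld is not available.
SAMPLE_RUNTIME="8080/tcp 9090/tcp"
SAMPLE_PERMANENT="8080/tcp 8443/tcp"

if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    audit_zone "${1:-public}"
else
    drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```

Run it as root with the zone name as the first argument (public if omitted); a permanent-only line disappears once you run sudo firewall-cmd --reload.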
Conclusion
In conclusion, setting up and configuring FirewallD on your CentOS 9/8 or RHEL 9/8 system can significantly enhance your system’s security posture. This tutorial has provided a comprehensive guide to getting you started with FirewallD, from installation to the creation of custom zones for granular control. While the process may seem complex initially, practice and familiarity will make it much simpler over time. Always remember that maintaining a secure system involves continuous effort; regularly review and update your firewall rules to respond to evolving threats. With FirewallD, you have a powerful tool at your disposal to help ensure your system’s integrity and security.