firewalld: RHEL/CentOS Firewall
firewalld is the default firewall management service on RHEL/CentOS (and Fedora). It is a front end: you describe zones and services, and firewalld programs the kernel packet filter for you (nftables on RHEL 8 and later, iptables on RHEL 7).
Here's the thing: for most hosts that is simpler than maintaining iptables rules by hand. Use it on RHEL/CentOS.
What firewalld Does
firewalld:
- Manages firewall rules in two copies: the runtime config (what is enforced now) and the permanent config (what survives a reload or reboot)
- Uses zones (public, internal, dmz, etc.) to group interfaces and source ranges under a trust level
- Ships predefined services (ssh, http, https, ...) so you don't hand-write port lists
- Applies runtime changes dynamically, without restarting the daemon or breaking established connections
My take: firewalld is easier. Use it on RHEL/CentOS.
Basic Commands
Check Status
sudo firewall-cmd --state
sudo systemctl status firewalld
My take: Check if firewalld is running. Enable it if not.
View Zones
firewall-cmd --get-zones
firewall-cmd --get-active-zones
My take: Zones organize rules. Public. Internal. DMZ. Use them. --get-zones lists every zone firewalld knows about; --get-active-zones lists only the zones that currently have an interface or source bound to them, which is what actually applies to traffic.
View Rules
firewall-cmd --list-all
firewall-cmd --list-all --zone=public
My take: --list-all shows the full runtime config of the default zone: services, ports, interfaces, rich rules. Add --zone to inspect another zone, or --permanent to see what will be active after the next reload.
Common Operations
Allow Services
# Allow SSH
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
# Allow HTTP
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --reload
# Allow HTTPS
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
My take: --permanent writes the rule to the saved config under /etc/firewalld but does not touch the running firewall; --reload loads the saved config into the runtime. You need both. Without --permanent the rule is live immediately but is gone after a reload or reboot.
Allow Ports
# Allow port
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload
# Remove port
sudo firewall-cmd --permanent --remove-port=8080/tcp
sudo firewall-cmd --reload
My take: Allow ports when services aren't predefined.
Set Default Zone
sudo firewall-cmd --set-default-zone=public
My take: Set the default zone deliberately. Any interface not explicitly bound to a zone lands in it, and any firewall-cmd call without --zone modifies it.
Common Zones
- public = Untrusted networks (default)
- internal = Trusted internal networks
- dmz = Demilitarized zone
- work = Work networks
- home = Home networks
My take: Use public for internet. Internal for trusted networks.
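Knowing which zone an interface is actually in is the whole point of the zone model, and --get-active-zones is the command that tells you. Below is an added example (not from the original page) that parses that output and audits it against the layout you intended. The function names, the constructed sample output and the expected-layout text are this example's own assumptions; on a real host you would feed it `firewall-cmd --get-active-zones`.

```shell
#!/bin/sh
# Added example, not from the original page: audit which zone each interface is
# actually in, by parsing `firewall-cmd --get-active-zones` output. The parsing
# functions take the text as an argument so they can run against captured output.

# zone_of_interfaces: read --get-active-zones text on stdin and print one
# "interface zone" pair per line. A line with a single field is a zone name;
# an "interfaces:" line lists the interfaces bound to the zone above it.
zone_of_interfaces() {
    awk '
        $1 == "interfaces:" { for (i = 2; i <= NF; i++) print $i, zone; next }
        $1 == "sources:"    { next }
        NF == 1             { zone = $1 }
    '
}

# zone_of IFACE ACTIVE: print the zone IFACE is bound to, or "none" if unbound.
zone_of() {
    z=$(printf '%s\n' "$2" | zone_of_interfaces | awk -v i="$1" '$1 == i { print $2; exit }')
    printf '%s\n' "${z:-none}"
}

# audit_zones EXPECTED ACTIVE: EXPECTED is "interface zone" lines describing the
# intended layout; ACTIVE is raw --get-active-zones text. Prints one MISMATCH
# line per deviation and returns 1 if there was any, 0 if everything matches.
audit_zones() {
    mismatches=$(printf '%s\n' "$1" | while read -r iface want; do
        [ -n "$iface" ] || continue
        got=$(zone_of "$iface" "$2")
        [ "$got" = "$want" ] || echo "MISMATCH $iface: in zone $got, expected $want"
    done)
    [ -z "$mismatches" ] && return 0
    printf '%s\n' "$mismatches"
    return 1
}

# fix_command IFACE ZONE: print the firewall-cmd invocation that would bind
# IFACE to ZONE in the permanent config, followed by the reload that makes it live.
fix_command() {
    printf 'firewall-cmd --permanent --zone=%s --change-interface=%s && firewall-cmd --reload\n' "$2" "$1"
}

# Constructed sample (not captured from a real host): eth0 faces the internet,
# eth1 and eth2 are internal, and a source range is bound to internal as well.
SAMPLE_ACTIVE='public
  interfaces: eth0
internal
  interfaces: eth1 eth2
  sources: 10.20.0.0/16'

# The layout we intended: eth2 was supposed to be in dmz.
SAMPLE_EXPECTED='eth0 public
eth1 internal
eth2 dmz'

if audit_zones "$SAMPLE_EXPECTED" "$SAMPLE_ACTIVE"; then
    echo "all interfaces are in their expected zones"
else
    fix_command eth2 dmz
fi
```

Run it against the live system with `audit_zones "$EXPECTED" "$(firewall-cmd --get-active-zones)"`. One caveat for NetworkManager-managed interfaces: the zone binding lives in the connection profile, so `nmcli connection modify <connection> connection.zone <zone>` is the durable way to move an interface; a bare --change-interface can be undone when the connection is re-activated.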
Common Patterns
Basic Web Server
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
Allow Custom Port
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload
Common Mistakes (I've Made These)
- Forgetting --permanent: Without --permanent, rules are temporary and disappear on the next reload or reboot.
- Not reloading: --permanent alone changes nothing at runtime. After permanent changes, run firewall-cmd --reload.
- Locking yourself out: Allow SSH before blocking. Always. Check the permanent config of the zone your management interface is in before you reload, because the reload activates that config, not the one you are looking at in the runtime.
- Wrong zone: Make sure you're modifying the right zone. Commands without --zone act on the default zone, which is not necessarily the zone your interface is bound to.
- Not checking status: Check if firewalld is running. Enable it.
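The Common Operations section above and the mistakes just listed come down to one workflow: change the permanent config, confirm the admin path is still open, then reload. Below is an added example (not from the original page) that wraps that workflow in a lockout guard. It adds services to a zone's permanent config, reads the permanent service list back, and only reloads if the admin service (ssh by default) is present; it also shows firewalld's --timeout for runtime-only trial rules that undo themselves. FWCMD, ADMIN_SERVICE and the function names are this example's own assumptions; point FWCMD at a stand-in such as echo for a dry run.

```shell
#!/bin/sh
# Added example, not from the original page: a lockout guard around the
# --permanent / --reload workflow. FWCMD and ADMIN_SERVICE are this script's
# own knobs (assumptions); they default to the real binary and to ssh.
FWCMD="${FWCMD:-firewall-cmd}"
ADMIN_SERVICE="${ADMIN_SERVICE:-ssh}"

# services_from_list_all: read `firewall-cmd --list-all` output on stdin and
# print the space-separated value of its "services:" line.
services_from_list_all() {
    sed -n 's/^[[:space:]]*services:[[:space:]]*//p'
}

# has_service NAME LIST: succeed if NAME is one of the words in LIST.
has_service() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# permanent_has_service ZONE NAME: ask for the *permanent* service list of ZONE,
# because that, not the runtime list, is what --reload is about to activate.
permanent_has_service() {
    svcs=$("$FWCMD" --permanent --zone="$1" --list-services)
    has_service "$2" "$svcs"
}

# try_runtime ZONE SERVICE SECONDS: open SERVICE at runtime only, for SECONDS,
# so a mistake undoes itself. --timeout cannot be combined with --permanent.
try_runtime() {
    "$FWCMD" --zone="$1" --add-service="$2" --timeout="$3"
}

# apply_permanent ZONE SERVICE...: add the services to ZONE's permanent config,
# then reload only if ADMIN_SERVICE is present in that config. Returns 1 and
# leaves the runtime firewall untouched otherwise.
apply_permanent() {
    zone="$1"; shift
    for svc in "$@"; do
        "$FWCMD" --permanent --zone="$zone" --add-service="$svc" >/dev/null
    done
    if permanent_has_service "$zone" "$ADMIN_SERVICE"; then
        "$FWCMD" --reload >/dev/null
        return 0
    fi
    echo "refusing to reload: $ADMIN_SERVICE is not in the permanent config of zone $zone" >&2
    return 1
}

# Usage: sh fw-guard.sh public http https      (FWCMD=echo for a dry run)
if [ $# -gt 0 ]; then
    apply_permanent "$@"
fi
```

The guard checks the permanent config on purpose: the runtime may still show ssh because you opened it earlier without --permanent, and that is exactly the rule a reload throws away.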
Real-World Examples
Configure Firewall
# Enable firewalld
sudo systemctl enable firewalld
sudo systemctl start firewalld
# Allow services
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
# Verify
firewall-cmd --list-all
What's Next?
Now that you understand firewalld, you can secure RHEL/CentOS systems. Or review Networking to understand networks better.
Personal note: firewalld seemed unnecessary at first. Then I used it. Now I prefer it over iptables. It's simpler. Use it on RHEL/CentOS.