Configure a Firewall with Firewalld ⋆ ALexHost SRL

Test your skills on our all Hosting services and get 15% off!

Use code at checkout:

Skills
01.11.2024

Configure a Firewall with Firewalld

Configure a Firewall with Firewalld

In today’s digital age, securing your server and network is crucial. A firewall acts as a barrier between your trusted internal network and untrusted external networks, controlling incoming and outgoing traffic based on predetermined security rules. Firewalld is a dynamic firewall management tool available on many Linux distributions, such as CentOS, Fedora, and RHEL. This article will guide you through the basics of installing, configuring, and managing a firewall using Firewalld. For a more in-depth understanding and additional resources, you can visit our comprehensive guide: An Introduction to Firewalld.

Installing Firewalld

On most Linux distributions, Firewalld is included in the default repositories. Here’s how to install it on popular distributions:

For CentOS/RHEL:

sudo yum install firewalld

For Fedora:

sudo dnf install firewalld

For Debian/Ubuntu:

While Firewalld is primarily used on RHEL-based systems, it can also be installed on Debian-based systems:

sudo apt install firewalld

Starting and Enabling Firewalld

After installation, you need to start and enable Firewalld to run at boot.

sudo systemctl start firewalld
sudo systemctl enable firewalld

You can check the status of Firewalld with:

sudo systemctl status firewalld

Basic Firewalld Commands

Firewalld uses the firewall-cmd command for configuration and management. Below are some fundamental commands to get you started.

Check the Default Zone

Firewalld uses zones to manage rules. You can check the default zone with:

sudo firewall-cmd --get-default-zone

List All Zones

To see all available zones, use:

sudo firewall-cmd --get-zones

Set the Default Zone

You can change the default zone with:

sudo firewall-cmd --set-default-zone=public

Example 1: Changing the Default Zone to Home

If you often connect to a trusted home network, you might want to set your default zone to home. This way, devices on your home network can communicate more freely without unnecessary restrictions. Here’s how you can do it:

  1. Set the Default Zone to Home:
    sudo firewall-cmd --set-default-zone=home
  2. Verify the Change:

    To confirm that the default zone has been set to home, you can run:

    sudo firewall-cmd --get-default-zone

    You should see the output:

Example 2: Setting the Default Zone to Work

If you often connect to a work network, you might want to set your default zone to work. Here’s how to do that:

  1. Set the Default Zone to Work:
    sudo firewall-cmd --set-default-zone=work
  2. Verify the Change:

    Run the following command to check that the default zone is now set to work:

    sudo firewall-cmd --get-default-zone

    The output should indicate:

Get Active Zones

To see which zones are currently active and their associated interfaces, run:

sudo firewall-cmd --get-active-zones

Configuring Firewalld

Adding Services

Firewalld allows you to easily add services to a zone. For example, to allow HTTP traffic in the public zone, use:

sudo firewall-cmd --zone=public --add-service=http --permanent

To apply the changes, reload Firewalld:

sudo firewall-cmd --reload

You can verify that the service was added by running:

sudo firewall-cmd --zone=public --list-services

Removing Services

If you need to remove a service, such as HTTPS, you can do so with:

sudo firewall-cmd --zone=public --remove-service=https --permanent

Opening Specific Ports

You can open specific ports (e.g., port 8080) in a zone:

sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent

Closing Ports

To close a port, use:

sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent

Reloading Firewalld

Whenever you make changes, it’s essential to reload Firewalld to apply those changes:

sudo firewall-cmd --reload

Working with Zones

Firewalld supports different zones that can be applied to interfaces. Each zone defines a level of trust for network connections. Here are some commonly used zones:

  • public: For use in public areas, the default zone for untrusted connections.
  • home: For home networks where you trust other hosts.
  • work: For work networks, similar to home but less trusted.
  • dmz: For servers that should be accessible from the outside but need to be isolated from the internal network.

Advanced Configuration: Rich Rules

Firewalld also supports rich rules, allowing for more complex configurations. For example, to allow SSH from a specific IP address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.100" service name="ssh" accept'

Monitoring Firewalld

To view the current configuration and active rules, use:

sudo firewall-cmd --list-all

Conclusion

Firewalld provides an intuitive way to manage your firewall configurations on Linux. By utilizing zones, services, and rich rules, you can effectively control access to your system and enhance security. Remember to periodically review and update your firewall rules to adapt to changes in your network and security posture. With this guide, you are now equipped to configure and manage a firewall using Firewalld effectively.

Test your skills on our all Hosting services and get 15% off!

Use code at checkout:

Skills