How to Enable the Firewall and How to Disable the Firewall on CentOS 7.5

Firewalld is the default firewall program on CentOS 7.5. It is a command line program which is used to configure the firewall of CentOS 7.5. It is very easy to use.  Firewalld is available in Ubuntu/Debian, RHEL 7, CentOS 7, Fedora and many more Linux distribution.

In this article, I will show you how to enable Firewalld, how to disable Firewalld, and how to use Firewalld on CentOS 7.5. Let’s get started.

Installing Firewalld

Firewalld should be installed by default on CentOS 7.5.  If for any case it is not installed on your CentOS 7.5 operating system, you can easily install it from the official package repository of CentOS 7.5.  First update the yum package repository cache with the following command:

The yum package repository cache should be updated.

Now install Firewalld with the following command:

Press y and then press <Enter> to continue.

Firewalld should be installed.

Checking Whether Firewalld is Enabled

If Firewalld is enabled, it will start when your computer boots.

You can run the following command to check whether Firewalld is enabled:

Adding Firewalld to the System Startup

If Firewalld is not enabled to start on system boot, you can run the following command to add it to the system startup. That way it will start when your computer boots.

Firewalld should be added to the system startup.

Removing Firewalld from the System Startup

If you don’t want Firewalld to start when your computer boots, that is you want to disable Firewalld, then run the following command:

Firewalld should be removed from your system startup.

Checking Whether Firewalld is Running

You can check whether Firewalld is running with the following command:

As you can see from the screenshot below, Firewalld is running.

Starting Firewalld Service

If Firewalld is not running, then you can start Firewalld with the following command:

Stopping Firewalld Service

If Firewalld is running, and you want to stop it, run the following command:

Using Firewalld

Firewalld has a command line utility firewall-cmd that you can use to configure the Firewalld firewall program.

Listing the Current Firewalld Configuration:

You can run the following command to list the current or active Firewalld configuration:

The currently active Firewalld configuration should be listed.

Modifying Firewalld Configuration Permanently and Temporarily:

If you want to configure Firewalld permanently, that is, if the computer is rebooted, the changes should still be active, you have to add –permanent flag to every firewall-cmd configuration command.

If you want to test something, then you may leave out the –permanent flag. In this case, the changes should be reverted back once you restart your computer.

Adding Services:

You can let other computers on your network connect to specific services on your computer by adding these services to Firewalld.

For example, if you want other computers on your network to access the web server or HTTP service on your computer, you can add it to the Firewalld configuration as follows:

NOTE: Here, http is the service name.

The http service should be added.

You can find all the available services if you run the following command:

All the predefined services are listed.

NOTE: You can copy one of the XML service file and create your own custom services.

Removing Services:

If you want to remove a service from the Firewalld configuration that is already added, let’s say, the http service, then you can run the following command:

NOTE: Here http is the service name.

The http service should be removed.

Adding Ports to Firewalld:

If the program you want to allow access to don’t have any predefined service in Firewalld, but you know the port the program is running on, you can add it to Firewalld without the need to create any service XML file (in /usr/lib/firewalld/services directory).

For example, if you want to add the TCP port 80 to Firewalld, run the following command:

If you want to add an UDP port 80, then run the following command:

The port should be added.

You can also add a range of ports, let’s say TCP port 8000 – 8100, then run the following command:

The ports should be added.

Removing Ports from Firewalld:

You can remove a TCP port, let’s say port 80 from Firewalld with the following command:

For UDP port 80, run the following command:

For a range of TCP ports, let’s say 8000 – 8100, run the following command:

Reload Firewalld Configuration:

Once you’re done configuring Firewalld, you must run the following command to reload the new configuration:

That’s how you install, enable and disable, use Firewalld on CentOS 7.5. Thanks for reading this article.