For CentOS, AlmaLinux, and Rocky Linux, the default firewall management tool is firewalld. Here is how you can enable and configure the firewall on these systems:
Step 1: Install firewalld (if not already installed)
sudo yum install firewalld -y
Step 2: Enable and Start firewalld
sudo systemctl enable firewalld
sudo systemctl start firewalld
You can also check its status using this command:
sudo systemctl status firewalld
Step 3: Basic Configuration
By default, firewalld comes with predefined zones that represent different trust levels for network connections. The most commonly used zone is public.
- Check the current default zone:
sudo firewall-cmd --get-default-zone
- Check active zones and services:
sudo firewall-cmd --get-active-zones
sudo firewall-cmd --list-all
Step 4: Allow Specific Services and Ports
Here are simple rules that you need to add (the --permanent flag saves them to the stored configuration; they take effect after the reload in Step 5):
- Allow SSH (Port 22):
sudo firewall-cmd --permanent --add-service=ssh
- Allow HTTP (Port 80) and HTTPS (Port 443):
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
- Allow a Specific IP Address (e.g., 192.168.1.100). This binds traffic from that address to the zone (the default zone unless --zone is given), so it is handled by that zone's rules:
sudo firewall-cmd --permanent --add-source=192.168.1.100
Step 5: Reload firewalld to Apply Changes
sudo firewall-cmd --reload
Step 6: Verify the Rules
To check the currently active rules:
sudo firewall-cmd --list-all
You can also list the saved (permanent) configuration, which includes services and ports added with --permanent even if they have not been reloaded yet:
sudo firewall-cmd --permanent --list-all
Step 7: Disable firewalld (if needed)
If you need to disable the firewall temporarily (while it is stopped, the host accepts all inbound traffic):
sudo systemctl stop firewalld
sudo systemctl disable firewalld
Step 8: Additional Useful Commands
- Check if a Port is Allowed:
sudo firewall-cmd --query-port=8080/tcp
- Remove a Port or Service Rule (example for SSH). On a remote host, make sure you have another way in before removing ssh, or the reload will lock you out:
sudo firewall-cmd --permanent --remove-service=ssh
sudo firewall-cmd --reload
- Allow ICMP (Ping). The public zone allows ICMP unless an icmp-block was added; if echo-request was blocked, remove the block (note that --add-icmp-block-inversion does the opposite: it rejects every ICMP type that is not explicitly listed):
sudo firewall-cmd --permanent --remove-icmp-block=echo-request
sudo firewall-cmd --reload
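To make the verification in Step 6 repeatable, the following added script (not part of the original page) parses the text that `firewall-cmd --list-all` prints and compares the zone's services and ports against an expected allowlist, reporting anything extra or missing. The sample output, the allowlist and the function names are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original page: audit the services and ports a
# firewalld zone exposes against an expected allowlist, using the text output
# of `firewall-cmd --list-all` (Step 6). Works on a saved capture or live output.
set -u

# Constructed sample of `sudo firewall-cmd --list-all` for the public zone.
SAMPLE_LIST_ALL='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: cockpit dhcpv6-client http https ssh
  ports: 8080/tcp
  forward-ports: 
  icmp-blocks: 
  rich rules: '

# Print the value of one field of list-all output ($1 = field name, stdin = text).
list_field() {
  awk -v f="$1:" '$1 == f { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Report each entry in $1 that is not in $2, prefixed with label $3; return 1 if any.
report_extra() {
  local found="$1" wanted="$2" label="$3" rc=0 item
  for item in $found; do
    case " $wanted " in *" $item "*) ;; *) echo "$label $item"; rc=1 ;; esac
  done
  return $rc
}

# Compare a zone's services and ports with an allowlist.
# $1 = list-all text, $2 = expected services, $3 = expected ports (space-separated).
# Returns 0 only when the zone matches the allowlist exactly.
audit_zone() {
  local have_services have_ports rc=0
  have_services=$(printf '%s\n' "$1" | list_field services)
  have_ports=$(printf '%s\n' "$1" | list_field ports)
  report_extra "$have_services" "$2" "UNEXPECTED service" || rc=1
  report_extra "$2" "$have_services" "MISSING service" || rc=1
  report_extra "$have_ports" "$3" "UNEXPECTED port" || rc=1
  report_extra "$3" "$have_ports" "MISSING port" || rc=1
  return $rc
}

# On a real host, replace the first argument with "$(sudo firewall-cmd --list-all)".
audit_zone "$SAMPLE_LIST_ALL" "ssh http https" "" || echo "zone differs from baseline"
```

Against the constructed sample this flags cockpit, dhcpv6-client and 8080/tcp as unexpected, which is exactly the kind of drift a periodic check should surface.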