FirewallD is a firewall management tool for Linux. FirewallD comes pre-installed on CentOS.

Enable FirewallD

To enable FirewallD with the default set of rules, run:

$ sudo systemctl enable firewalld

To check the status of FirewallD:

$ sudo systemctl status firewalld

Disable FirewallD

To disable FirewallD, run:

$ sudo systemctl disable firewalld

Example Rules

Show Rules

To show current FirewallD rules, run:

$ sudo firewall-cmd --list-all

To show current services enabled in FirewallD, run:

$ sudo firewall-cmd --list-services

To show permanent services enabled in FirewallD, run:

$ sudo firewall-cmd --permanent --list-services

Reload FirewallD Rules

$ sudo firewall-cmd --reload

Allow Service HTTPS

To allow HTTPS, run:

$ sudo firewall-cmd --add-service=https

Allow TCP Port 8080

$ sudo firewall-cmd --add-port=8080/tcp

Allow Masquearading On External Zone

To set up masquerading on the external zone, run:

$ sudo firewall-cmd --zone=external --permanent --add-masquerade

Log Denied Packages

To start logging denied packages, the file /etc/sysconfig/firewalld needs to be edited. The LogDenied value needs to be set to all so that the line will look like this: