24

In CentOS 6 I could type setup from the command line and I would be presented with a set of tools, one of them being Firewall configuration. I can still do this in CentOS 7, except the list no longer includes Firewall configuration as an option.

Does anyone know where I can find it now and why it has been moved?

This is where I used to go to allow incoming traffic via HTTP and HTTPS. If there's a better way, I'd gladly take the advice. Thanks.

ste
  • 3
    Have you gone through the documentation? [Using Firewalls](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html) –  Jul 29 '14 at 21:51

3 Answers

32

Since the release of RedHat/CentOS 7, the previous firewall system has been replaced with firewalld.

At the time of writing there is no curses-like console interface similar to system-config-firewall. If you don't mind using a GUI you could use firewall-config instead.

If you need something for the console you will have to use firewall-cmd instead.

For more information and full documentation about firewalld: 4.5. Using Firewalls (or now (subscription required) How to configure firewalld in RHEL ?)

I hope this might help you!

Flash Sheridan
William Sandin
  • 7
    If you want to go back to using `iptables`, see this: http://serverfault.com/questions/470287/how-to-enable-iptables-instead-of-firewalld-services-on-rhel-7-and-fedora-18 – fuero Jul 29 '14 at 22:52
  • And if you just want to disable the firewall, use: `sudo service firewalld stop; sudo chkconfig firewalld off` – Dawngerpony Dec 22 '14 at 21:18
  • 3
    @DuffJ On RHEL 7 it's `systemctl stop firewalld.service` and `systemctl disable firewalld.service` – Winter Jan 10 '15 at 03:12
  • Oh yes! One place where RHEL and CentOS differ. Thanks. – Dawngerpony Jan 13 '15 at 14:22
  • 2
    @DuffJ RHEL 7 and CentOS 7 don't differ in this regard. – ste Jun 29 '15 at 00:34
18

Here are some commands, with descriptions below each, that I came across and that were helpful:

`firewall-cmd --state`
  view status of firewalld service (`systemctl status firewalld`)
`firewall-cmd --zone=public --list-all`
  gets all info for the “public” zone
`firewall-cmd --list-all-zones`
  shows all info for all zones
`firewall-cmd --zone=public --add-port=80/tcp --permanent`
  adds port 80 to public zone
`firewall-cmd --zone=public --add-service=http --permanent`
  adds service http to public zone
`firewall-cmd --reload`
  run this after making changes
`firewall-cmd --zone=public --remove-port=80/tcp --permanent`
  to remove port 80 from public zone
`firewall-cmd --get-default-zone`
  shows default zone for firewall
`firewall-cmd --get-active-zones`
  zones where network interfaces or sources are assigned
1Raptor007
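An added example, not part of the answers on this page: a small audit of what a zone exposes, built on the `--list-all` output and the `--permanent` / `--reload` split listed above. The function names, the allowlist and the sample listing are assumptions constructed for illustration.

```shell
# Constructed sample of `firewall-cmd --zone=public --list-all` output,
# embedded so the script runs without firewalld installed.
SAMPLE_RUNTIME='public (active)
  interfaces: eth0
  sources:
  services: dhcpv6-client http https ssh
  ports: 8080/tcp
  masquerade: no
  forward-ports:
  rich rules:'

# Read --list-all text on stdin; print each open service and port, one per line.
zone_openings() {
    awk '$1 == "services:" || $1 == "ports:" { for (i = 2; i <= NF; i++) print $i }'
}

# Print every opening in the listing ($1) that is not in the space-separated
# allowlist ($2). Returns 1 if anything unexpected is open, 0 otherwise.
unexpected_openings() {
    local found=0 item
    for item in $(printf '%s\n' "$1" | zone_openings); do
        case " $2 " in
            *" $item "*) ;;
            *) printf '%s\n' "$item"; found=1 ;;
        esac
    done
    return "$found"
}

# Print openings present in listing $1 but absent from listing $2.
# runtime vs. permanent: rules that vanish at the next --reload or reboot.
# permanent vs. runtime: rules added with --permanent but not yet reloaded.
missing_from() {
    local item
    for item in $(printf '%s\n' "$1" | zone_openings); do
        printf '%s\n' "$2" | zone_openings | grep -qxF -- "$item" ||
            printf '%s\n' "$item"
    done
}

# On a real host, feed live output instead of the sample (needs firewalld):
#   runtime=$(firewall-cmd --zone=public --list-all)
#   permanent=$(firewall-cmd --permanent --zone=public --list-all)
#   missing_from "$runtime" "$permanent"
ALLOW='ssh http https dhcpv6-client'   # hypothetical policy for a web server
unexpected_openings "$SAMPLE_RUNTIME" "$ALLOW" || echo "^ not in allowlist"
```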
1

A quicker way of disabling firewalld is the following.

`systemctl disable firewalld`

This removes the .service, so you should get something similar to:

rm '/etc/systemd/system/basic.target.wants/firewalld.service'
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
Steve Rowe