Psychz - Shaibaz
Posted On: Oct 06, 2017 06:56:47
CentOS 7 ships with a service called "firewalld" that manages traffic by grouping network connections and interfaces into zones. Each zone defines the trust level of the connections and interfaces assigned to it. firewalld supports both IPv4 and IPv6 rules and uses zones and services to control which traffic is allowed in.
Firewall Zones
Zones are sets of rules that come pre-configured in the firewall. You can use any of the zones for different types of traffic. "public" is the default zone until you change it. Different interfaces can be assigned to different zones, and services can be assigned to a zone so that they are allowed only for the traffic that zone handles.
Here is a sample output of a public zone.
To view the default zone, please run the following command.
sudo firewall-cmd --get-default-zone
To view the active zone, please run the following command.
sudo firewall-cmd --get-active-zones
Adding or removing a port in a zone
As the screenshot above shows, the ports field is blank. We can add a port to the zone with the following command (replace PORT with the port number you want to allow traffic on).
sudo firewall-cmd --zone=public --add-port=PORT/tcp --permanent
Remove a port
A port can be removed from a zone with the following command (replace PORT with the port number you want to deny traffic on).
sudo firewall-cmd --zone=public --remove-port=PORT/tcp --permanent
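The add and remove commands above, wrapped as an added example that is not part of the original post: the port and protocol are validated before they reach firewalld, and each change is issued both to the running configuration and with --permanent, because a --permanent rule on its own does not take effect until firewalld is reloaded. The function names, the zone and port values used in the comments, and the assumption that firewall-cmd runs with root privileges via sudo are the example's own.

```shell
#!/bin/sh
# Added example for the firewalld port commands in the post (not the post's own script).

# validate_port_spec PORT PROTO -> prints "PORT/PROTO"; returns 1 on bad input.
# Checking here avoids handing firewalld a malformed spec such as "80 80/tcp".
validate_port_spec() {
    port=$1; proto=$2
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    printf '%s/%s\n' "$port" "$proto"
}

# build_port_cmds ACTION ZONE PORT PROTO -> prints the two firewall-cmd invocations,
# runtime change first, then the --permanent one. ACTION is "add" or "remove".
build_port_cmds() {
    action=$1; zone=$2
    spec=$(validate_port_spec "$3" "$4") || return 1
    case "$action" in
        add|remove) ;;
        *) echo "bad action: $action" >&2; return 1 ;;
    esac
    printf 'firewall-cmd --zone=%s --%s-port=%s\n' "$zone" "$action" "$spec"
    printf 'firewall-cmd --zone=%s --%s-port=%s --permanent\n' "$zone" "$action" "$spec"
}

# apply_port_change ACTION ZONE PORT PROTO -> runs the change on a host with firewalld.
# Example (assumed values): apply_port_change add public 8080 tcp
apply_port_change() {
    cmds=$(build_port_cmds "$@") || return 1
    printf '%s\n' "$cmds" | while IFS= read -r cmd; do
        echo "+ sudo $cmd"
        sudo $cmd || exit 1      # exit leaves the pipeline subshell with status 1
    done || return 1
    sudo firewall-cmd --zone="$2" --list-ports   # show what the zone allows now
}
```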
You can also assign interfaces and services to zones, forward the traffic of a port, and configure other fields of a zone; these will be discussed in later articles.