RHEL/CentOS 7 introduces a new firewall daemon called FirewallD, a dynamically managed firewall that supports zones to define the trust level of network connections or interfaces. Because FirewallD runs as a daemon it also allows rules to be added instantly without the need to save or apply the changes. Firewalld daemon uses iptables tool to talk to the kernel packet filter.
Use the firewall-cmd command line tool to setup the firewall, the most important commands are:
| show if FirewallD is running |
|
| reload the firewall |
|
| list all the defined zones |
|
| list all the supported services |
|
| list all the active zones |
|
| add interface to the zone |
|
| change interface to zone |
|
| remove interface from the zone |
|
| enable panic mode blocking all network connections |
|
| disable panic mode |
|
| add a service to a zone |
|
| remove service from a zone |
|
| add a port to a zone |
|
| remove a port from a zone |
|
| add masquerade to a zone |
|
| remove masquerade from a zone |
|
| add port forwarding to a zone |
|
| remove port forward from a zone |
|
Disabling FirewallD
If for any reason you would wish to disable FirewallD or use iptables instead you can do so with the following commands:
| Stop FirewallD |
|
| Disable FirewallD |
|