Master firewalld on CentOS 7: Zones, Rules, and Custom Port Setup
This guide explains how firewalld works on CentOS 7, covering zone concepts, configuration file locations, command‑line and XML methods for adding ports, common firewall commands, and the steps to replace firewalld with the traditional iptables firewall.
1. Firewall Overview
In CentOS 7 the firewall is managed by firewalld, a dynamic daemon that supports IPv4 and IPv6, groups interfaces into network zones, keeps separate runtime and permanent configurations, and exposes a D-Bus interface through which applications and services can add rules without the whole ruleset being torn down and reloaded, as a change to an iptables script would require.
2. Zones
Zones define the trust level of the network connections (interfaces) bound to them; a connection belongs to exactly one zone, while a zone can contain many connections. Traffic arriving on an interface is evaluated against that interface's zone, and interfaces not explicitly assigned fall into the default zone, which is public on a stock CentOS 7 install. Listed from least to most trusted, the predefined zones are: drop, block, public, external, dmz, work, home, internal, trusted.
3. Configuration Files
firewalld stores its configuration as XML files in two trees with the same layout (zones/, services/, icmptypes/): /usr/lib/firewalld/ holds the package-supplied defaults and should be treated as read-only, since a package update overwrites it, while /etc/firewalld/ holds local changes. A file in /etc/firewalld/ with the same name as one under /usr/lib/firewalld/ takes precedence, so customising a zone means copying (or letting firewall-cmd --permanent create) a copy under /etc/firewalld/zones/ and editing that.
4. Adding Ports
Ports can be added either via the firewalld command line or by editing the XML zone files.
4.1 Command‑line method
To add TCP port 9527 to the default zone permanently:
firewall-cmd --permanent --add-port=9527/tcp
To add a port to a specific zone (here public):
firewall-cmd --zone=public --permanent --add-port=8010/tcp
--permanent writes the zone file only; the running firewall does not change until you run firewall-cmd --reload (a restart also works but drops established state). Conversely, the same command without --permanent opens the port immediately in the runtime configuration but is lost on the next reload, so to open a port both now and after a reboot run the command twice, once with and once without --permanent, or run the permanent form followed by --reload. Verify with firewall-cmd --zone=public --list-ports.
4.2 Editing configuration files
Edit the zone file under /etc/firewalld/zones/ (for example /etc/firewalld/zones/public.xml; if it does not exist yet, copy it from /usr/lib/firewalld/zones/public.xml rather than editing the system copy) and add one <port protocol="tcp" port="514"/> entry per port inside the <zone> element. Like --permanent changes, a hand-edited file takes effect only after firewall-cmd --reload, and a typo in the XML makes firewalld reject the whole zone file, so check firewall-cmd --zone=public --list-ports after reloading.
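The following script is an added example, not code from the original article: it performs the zone-file edit described above with the input validated first and the insertion kept idempotent, which a bare sed one-liner does not give you. The zone directory defaults to /etc/firewalld/zones (the user-editable tree that overrides /usr/lib/firewalld/zones); ZONE_DIR, the sample public.xml written by write_sample_zone, and the function names are this script's own assumptions, and the demo at the bottom runs against a scratch directory so that executing the file changes nothing live.

```shell
#!/bin/bash
# Added example (not from the original article): add a port to a firewalld zone
# XML file the way section 4.2 describes, idempotently and with the spec validated.
# ZONE_DIR defaults to the real user-editable directory; the demo overrides it.
set -u

ZONE_DIR="${ZONE_DIR:-/etc/firewalld/zones}"

# Accept only "PORT/tcp" or "PORT/udp", where PORT is a number or a range
# (e.g. 9527/tcp, 8000-8010/udp) within 1..65535.
valid_port_spec() {
    spec="$1"
    printf '%s\n' "$spec" | grep -Eq '^[0-9]{1,5}(-[0-9]{1,5})?/(tcp|udp)$' || return 1
    ports="${spec%/*}"
    lo="${ports%-*}"
    hi="${ports#*-}"
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# Constructed stand-in for the stock public zone, used only by the demo/test.
write_sample_zone() {
    cat > "$ZONE_DIR/$1.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
</zone>
EOF
}

# Insert <port protocol="..." port="..."/> just before </zone>, skipping duplicates.
add_zone_port() {
    zone="$1"; spec="$2"
    file="$ZONE_DIR/$zone.xml"
    valid_port_spec "$spec" || { echo "rejecting bad port spec: $spec" >&2; return 1; }
    [ -f "$file" ] || { echo "no $file (copy it from /usr/lib/firewalld/zones first)" >&2; return 1; }
    proto="${spec#*/}"; port="${spec%/*}"
    entry="<port protocol=\"$proto\" port=\"$port\"/>"
    if grep -Fq "$entry" "$file"; then
        echo "$zone already opens $spec"
        return 0
    fi
    awk -v e="  $entry" '/<\/zone>/ { print e } { print }' "$file" > "$file.tmp" \
        && mv "$file.tmp" "$file"
    echo "$zone now opens $spec (run firewall-cmd --reload to apply)"
}

# Print the ports a zone file opens, one "port/proto" per line.
list_zone_ports() {
    sed -n 's/.*<port protocol="\([a-z]*\)" port="\([0-9-]*\)".*/\2\/\1/p' "$ZONE_DIR/$1.xml"
}

# Demo in a subshell against a scratch directory: nothing on the host is touched.
(
    demo_dir="$(mktemp -d)"
    ZONE_DIR="$demo_dir"
    write_sample_zone public
    add_zone_port public 514/tcp
    add_zone_port public 514/tcp            # second call is a no-op
    add_zone_port public 99999/tcp || true  # rejected: out of range
    echo "--- resulting $demo_dir/public.xml ---"
    cat "$demo_dir/public.xml"
    rm -rf "$demo_dir"
)
```

To use it for real, source the file (or drop the demo block), run add_zone_port public 514/tcp as root, and follow with firewall-cmd --reload; list_zone_ports public shows what the permanent file will open before you reload.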
5. Common firewalld Commands
systemctl restart firewalld – restart the daemon (the older service firewalld restart form is redirected to systemctl on CentOS 7)
systemctl start firewalld / systemctl stop firewalld – start or stop the service
systemctl status firewalld – view service status
firewall-cmd --state – check whether the daemon is running
firewall-cmd --get-default-zone / firewall-cmd --get-active-zones – show the default zone and which interfaces are bound to which zone
firewall-cmd --list-all – list the runtime configuration of the default zone only (services, ports, rich rules); add --zone=NAME for another zone, --list-all-zones for every zone, and --permanent to see what survives a reload
firewall-cmd --reload – apply permanent changes to the running firewall
6. Switching to iptables
To replace firewalld with the traditional iptables firewall, stop and disable firewalld, install the iptables-services package, write your ruleset to /etc/sysconfig/iptables, then start and enable the iptables service. The two must never run at the same time, since each assumes it owns the kernel ruleset, so mask firewalld as well to keep another package or an administrator from starting it later. Do this from a console or out-of-band session if you can: the moment firewalld stops there is no firewall at all, and the moment iptables starts only what /etc/sysconfig/iptables allows gets in, so a ruleset without an SSH ACCEPT locks you out.
systemctl stop firewalld
systemctl disable firewalld
systemctl mask firewalld
yum install iptables-services
vi /etc/sysconfig/iptables
systemctl start iptables
systemctl enable iptables
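The article says to edit /etc/sysconfig/iptables but does not show what goes in it. As an added example that is not part of the original article, the script below generates a ruleset in iptables-save format modelled on what firewalld's default public zone permits (loopback, established/related, ICMP, SSH), and its switch_to_iptables function refuses to stop firewalld unless that file still accepts TCP to the SSH port, which is the lockout that the procedure above makes easy. RULES_FILE, SSH_PORT, the function names and the --apply flag are this script's own conventions; the systemctl/yum commands are the ones listed above plus systemctl mask.

```shell
#!/bin/bash
# Added example, not from the original article: generate /etc/sysconfig/iptables
# and switch from firewalld to iptables-services with a lockout guard.
set -u

RULES_FILE="${RULES_FILE:-/etc/sysconfig/iptables}"
SSH_PORT="${SSH_PORT:-22}"

# Write the ruleset in iptables-save format, which the iptables service feeds to
# iptables-restore on start. Mirrors firewalld's public zone: SSH in, nothing else.
write_ruleset() {
    cat > "$1" <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Lockout guard: true only if some INPUT rule accepts TCP to exactly SSH_PORT
# (the trailing space stops 22 from matching 2222).
ruleset_allows_ssh() {
    grep -Eq "^-A INPUT .*-p tcp .*--dport $SSH_PORT .*-j ACCEPT$" "$1"
}

# Number of -A rules in the file; a cheap check that it is not empty or truncated.
rule_count() {
    grep -c '^-A ' "$1"
}

switch_to_iptables() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    yum -y install iptables-services
    [ -f "$RULES_FILE" ] || write_ruleset "$RULES_FILE"   # keep an existing hand-edited file
    ruleset_allows_ssh "$RULES_FILE" || {
        echo "refusing: $RULES_FILE has no ACCEPT for tcp/$SSH_PORT, you would be locked out" >&2
        return 1
    }
    systemctl stop firewalld
    systemctl disable firewalld
    systemctl mask firewalld          # nothing may start it behind iptables' back
    systemctl enable iptables
    systemctl start iptables          # loads RULES_FILE via iptables-restore
    iptables -L INPUT -n --line-numbers
}

# Without --apply only generate and check the ruleset in a scratch file, so
# running the script by itself changes nothing on the host.
if [ "${1:-}" = "--apply" ]; then
    switch_to_iptables
else
    tmp="$(mktemp)"
    write_ruleset "$tmp"
    ruleset_allows_ssh "$tmp" && echo "ruleset accepts tcp/$SSH_PORT, $(rule_count "$tmp") rules:"
    cat "$tmp"
    rm -f "$tmp"
fi
```

Run it once without arguments to review the generated rules, then as root with --apply to perform the switch; if you already maintain your own /etc/sysconfig/iptables, the script keeps it and only insists that it accepts SSH before firewalld goes down.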
Java Backend Technology
Focus on Java-related technologies: SSM, Spring ecosystem, microservices, MySQL, MyCat, clustering, distributed systems, middleware, Linux, networking, multithreading. Occasionally cover DevOps tools like Jenkins, Nexus, Docker, and ELK. Also share technical insights from time to time, committed to Java full-stack development!