Linux Firewalld

How to start, restart or view Linux firewall status

Firewalld is an open source firewall management tool for Linux operating systems that allows or blocks access over TCP/IP protocols. It is a basic tool for blocking TCP/UDP requests. It does not provide process monitoring, user activity tracking, resource consumption monitoring, virus scanning or removal, or the other features that are essential for the protection and proper functioning of our system.

The name firewalld adheres to the Unix convention of naming system daemons by adding the letter "d". Firewalld supports IPv4 and IPv6 networks and can manage separate firewall zones with varying degrees of trust as defined in zone profiles. Administrators can configure NetworkManager to automatically change zone profiles based on known Wi-Fi (wireless) and Ethernet (wired) networks, but firewalld cannot do it on its own.

Services and applications can use the D-Bus interface to query and configure the firewall. Firewalld supports timed rules, which means that the number of connections (or "hits") to a service can be limited globally.

The command line interface allows managing firewall rule sets by source, destination, port and protocol, or by the name of a predefined service.

Linux distributions such as CentOS, Red Hat, Fedora, Ubuntu and others generally come with the firewall installed by default. In some cases we may run into errors when starting or restarting our firewall.

To fix a start or restart error of our firewall, we take root privileges and run the following command:

systemctl unmask firewalld

To permanently enable our firewall:

systemctl enable firewalld

To start our firewall:

systemctl start firewalld

To check the status of our firewall:

# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Wed 2020-07-22 18:20:17 BST; 17h ago
Docs: man:firewalld(1)
Main PID: 1015 (code=exited, status=0/SUCCESS)

To check which version of firewalld we have, we can use the following command:

rpm -qa | grep firewalld
firewalld-0.6.3-2.el7_7.2.noarch
fail2ban-firewalld-0.9.7-1.el7.noarch
firewalld-filesystem-0.6.3-2.el7_7.2.noarch

If firewalld is not installed on our system, we can install it with the following command:

yum install firewalld

We start and enable our firewall.

systemctl enable firewalld
systemctl start firewalld

To add ports to our firewalld we can use the following command:

firewall-cmd --zone=public --add-port=80/tcp --permanent

To remove ports from our firewalld we can use the following command:

firewall-cmd --zone=public --remove-port=80/tcp --permanent
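
With --permanent, the add and remove commands above change only the stored configuration, and the running firewall picks them up after firewall-cmd --reload. The following script is an added example, not part of the original article: it compares the runtime and permanent port lists of a zone so we can see which ports are still waiting for a reload and which are open only until the next reload. The function names port_drift and check_zone and the sample port lists are assumptions made for this example.

```shell
#!/bin/sh
# Added example: detect drift between firewalld's runtime and permanent ports.

# port_drift RUNTIME PERMANENT
# Each argument is a space-separated list as printed by --list-ports.
# Prints one line for every port that appears in only one of the two lists.
port_drift() {
    runtime=" $1 "
    permanent=" $2 "
    for p in $2; do
        case "$runtime" in
            *" $p "*) ;;                      # enforced and saved
            *) echo "pending-reload $p" ;;    # saved, not enforced yet
        esac
    done
    for p in $1; do
        case "$permanent" in
            *" $p "*) ;;
            *) echo "runtime-only $p" ;;      # enforced, lost on reload/reboot
        esac
    done
}

# check_zone [ZONE]
# Queries a live firewalld (needs root and a running daemon).
# Returns 0 when both lists match, 2 when they differ, 1 on query failure.
check_zone() {
    zone="${1:-public}"
    rt=$(firewall-cmd --zone="$zone" --list-ports) || return 1
    pm=$(firewall-cmd --permanent --zone="$zone" --list-ports) || return 1
    drift=$(port_drift "$rt" "$pm")
    if [ -z "$drift" ]; then
        echo "zone $zone: runtime and permanent ports match"
    else
        echo "$drift"
        return 2
    fi
}

# Constructed sample: 80/tcp was just added with --permanent (no reload yet),
# 8080/tcp was opened earlier without --permanent.
port_drift "22/tcp 8080/tcp" "22/tcp 80/tcp"
```

On a server, check_zone public runs the same comparison against the live firewall; a "pending-reload" line means firewall-cmd --reload has not been run since the permanent change.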

If you have any questions, please feel free to contact Picaraza Domains Ltd support team 24/7/365.