How to start, restart or view Linux firewall status
Firewalld is an open-source firewall management tool for Linux operating systems that allows or blocks access over TCP/IP protocols. It is a basic tool for blocking TCP/UDP requests: it does not provide process monitoring, user activity tracking, resource consumption monitoring, virus scanning or removal, or the other features that are essential for the protection and proper functioning of our system.
The name firewalld follows the Unix convention of naming system daemons by appending the letter "d". Firewalld supports IPv4 and IPv6 networks and can manage separate firewall zones with varying degrees of trust, as defined in zone profiles. Administrators can configure NetworkManager to switch zone profiles automatically based on known Wi-Fi (wireless) and Ethernet (wired) networks, but firewalld cannot do this on its own.
Services and applications can use the D-Bus interface to query and configure the firewall. Firewalld supports timed rules, which means that the number of connections (or "hits") to a service can be limited globally.
The command-line interface allows managing firewall rule sets by source, destination, port and protocol, or by predefined service name.
Linux distributions such as CentOS, Red Hat, Fedora, Ubuntu and others generally come with the firewall installed by default. In some cases the firewall fails to start or restart.
To fix a start or restart error, we take the privileges of the root user and execute the following command:
systemctl unmask firewalld
To enable our firewall permanently, so that it starts at boot:
systemctl enable firewalld
To start our firewall:
systemctl start firewalld
To check the status of our firewall:
# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Wed 2020-07-22 18:20:17 BST; 17h ago
Docs: man:firewalld(1)
Main PID: 1015 (code=exited, status=0/SUCCESS)
To check which version of firewalld is installed, we can use the following command:
rpm -qa | grep firewalld
firewalld-0.6.3-2.el7_7.2.noarch
fail2ban-firewalld-0.9.7-1.el7.noarch
firewalld-filesystem-0.6.3-2.el7_7.2.noarch
If firewalld is not installed on our system, we can install it with the following command:
yum install firewalld
We start and enable our firewall.
systemctl enable firewalld
systemctl start firewalld
To add a port to firewalld, we can use the following command:
firewall-cmd --zone=public --add-port=80/tcp --permanent
To remove a port from firewalld, we can use the following command:
firewall-cmd --zone=public --remove-port=80/tcp --permanent
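The two commands above use --permanent, which changes only the saved configuration; the running firewall picks the change up after firewall-cmd --reload or a restart of the service. The following script is an added example, not part of the original page: it compares the runtime and permanent port lists of a zone and reports every mismatch. The function name port_drift and the sample port lists are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): find ports whose runtime and
# permanent firewalld configuration disagree.

# port_drift RUNTIME PERMANENT
#   RUNTIME:   output of `firewall-cmd --zone=ZONE --list-ports`
#   PERMANENT: output of `firewall-cmd --permanent --zone=ZONE --list-ports`
# Prints one line per mismatch:
#   reload-needed PORT  saved with --permanent, not active in the running firewall
#   runtime-only PORT   active now, lost on the next reload or restart
port_drift() {
    # Unquoted on purpose: normalise any whitespace to single spaces and
    # wrap the list in spaces so " 80/tcp " never matches inside "8080/tcp".
    pd_runtime=" $(printf '%s ' $1)"
    pd_permanent=" $(printf '%s ' $2)"

    for pd_port in $pd_permanent; do
        case "$pd_runtime" in
            *" $pd_port "*) ;;
            *) echo "reload-needed $pd_port" ;;
        esac
    done
    for pd_port in $pd_runtime; do
        case "$pd_permanent" in
            *" $pd_port "*) ;;
            *) echo "runtime-only $pd_port" ;;
        esac
    done
}

if [ -n "${1:-}" ] && command -v firewall-cmd >/dev/null 2>&1; then
    # Live use as root on a host with firewalld, e.g.: sh port_drift.sh public
    port_drift "$(firewall-cmd --zone="$1" --list-ports)" \
               "$(firewall-cmd --permanent --zone="$1" --list-ports)"
else
    # Constructed sample: the state right after the page's
    # `--add-port=80/tcp --permanent` with no reload, plus a port 8080/tcp
    # that was opened at runtime only.
    port_drift "22/tcp 8080/tcp" "22/tcp 80/tcp"
fi
```

A reload-needed line means the saved rule is not yet enforced; a runtime-only line means an open port that will silently disappear, or an undocumented change worth reviewing.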