Configure Firewall Settings Using Firewall-config Firewall-cmd Or Iptables

General Information

Firewalld is a new zone based firewall in RHEL 7. It replaces iptables.

• firewall-config ⇒ GUI Frontend for firewalld
• firewall-cmd ⇒ Cmd line frontend for firewalld
• firewalld ⇒ Daemon that interacts with the Linux kernel's packet filter, Netfilter
  • cannot be used at the same time as iptables
• iptables ⇒ Interacts with the Linux kernel's packet filter, Netfilter
  • cannot be used at the same time as firewalld

Install and start firewall packages (included by default on base, not minimum install)

yum install firewalld firewall-config
systemctl start firewalld
systemctl enable firewalld

View zone names

firewall-cmd --get-zones

View default zone

firewall-cmd --get-default-zone

• Zone “public” applies to all interfaces (the catch all)

View current rules (default zone)

firewall-cmd --list-all

View rules, specify zone

firewall-cmd --zone=home --list-all

View all zones rules

firewall-cmd --list-all-zones

Add source IP network for home zone (Runtime change)

firewall-cmd --zone=home --add-source=192.168.1.0/24

• Runtime/Non-persistent changes are instant, but don't survive a reload/reboot

Permanent change (survives firewall reload or system reboot)

firewall-cmd --zone=home --permanent --add-source=192.168.1.0/24
firewall-cmd --reload

• Permanent changes do not take effect until a firewall-cmd –reload

Allow HTTP on default zone (instant change and also permanent)

firewall-cmd --add-port=80/tcp
firewall-cmd --permanent --add-port=80/tcp

Launch GUI, firewall-config

firewall-config

You can use iptables, but it is recommended to use firewall-cmd instead. Using iptables instead requires disabling firewalld, installing iptables-services, and then enabling the iptables service.