The new firewall in CentOS / Redhat 7: firewalld instead of iptables


firewalld is the default firewall service in CentOS 7 and RHEL 7. It replaces the iptables service used as the rule manager in earlier releases; the kernel packet filter underneath is still iptables/netfilter, and firewalld manages those rules dynamically for you, so you should not edit them with the iptables command while firewalld is running.

firewalld organizes rules into zones. Several zones are created by default, and you can create new ones if required.

To find out which zone is currently active and which interfaces are bound to it:

  • [root@CH22-LAP-COS-7 ~]# firewall-cmd --get-active-zones
    public
    interfaces: eno16780032

Find the existing zones:

  • [root@CH22-LAP-COS-7 ~]# firewall-cmd --get-zones
    block dmz drop external home internal public trusted work

To see what is currently allowed in a zone (the running configuration; add --permanent to see the saved one):

  • [root@CH22-LAP-COS-7 ~]# firewall-cmd --zone=public --list-all
    public (default, active)
    interfaces: eno16780032
    sources:
    services: dhcpv6-client ssh
    ports:
    masquerade: no
    forward-ports:
    icmp-blocks:
    rich rules:

Add a rule to allow web traffic on TCP port 80, then load the saved configuration into the running firewall:

  • [root@CH22-LAP-COS-7 ~]# firewall-cmd --zone=public --add-port=80/tcp --permanent
    success
    [root@CH22-LAP-COS-7 ~]# firewall-cmd --reload

A full restart (systemctl restart firewalld, or service firewalld restart) also loads the saved configuration, but it discards any runtime-only rules, so --reload is the safer choice.

How do we make a firewall rule permanent, so that it survives a reboot?

  • Add the --permanent flag. This writes the rule to the zone's saved configuration under /etc/firewalld/zones/ but does not change the running firewall until you run firewall-cmd --reload. Conversely, a rule added without --permanent takes effect immediately but is lost on the next reload or reboot. To get both, run the command twice (once with and once without --permanent), or run it with --permanent followed by firewall-cmd --reload.

How to remove the rule that allows port 80:

  • [root@CH22-LAP-COS-7 ~]# firewall-cmd --zone=public --remove-port=80/tcp --permanent
    success
  • Reload the firewall so the removal takes effect: firewall-cmd --reload

You may also add firewalld rules using standard service names (see firewall-cmd --get-services for the list):

  • [root@CH22-LAP-COS-7 ~]# firewall-cmd --zone=public --add-service=https --permanent
    success
  • firewall-cmd --reload

Customized rules can be added as "rich rules", which match on more than a port or service name. The following rule allows HTTP traffic only from the network 10.10.0.0/20; to block that network instead, replace the final action accept with drop (silently discard) or reject (send an ICMP/TCP reset):

  • firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="10.10.0.0/20" port protocol="tcp" port="80" accept'

As with any other rule, this changes only the running firewall unless you add --permanent and reload.

We can view the rich rules of a zone with the following command:

  • firewall-cmd --zone=public --list-rich-rules
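The following script is an added example and not part of the original post. It wraps the steps above into shell functions that apply each change to both the saved and the running configuration, adds a blocking rich rule with drop rather than accept, and audits the text of firewall-cmd --list-all against an allow list so you can catch an unexpectedly exposed service or port. FWCMD, ZONE, the function names and the sample listing are assumptions introduced here; the sample listing is constructed, not captured from a real host.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). FWCMD is an assumed override
# hook so the functions can be exercised without a live firewalld; it
# defaults to the real firewall-cmd binary.
set -u

FWCMD="${FWCMD:-firewall-cmd}"
ZONE="${ZONE:-public}"

# fw_apply ARG...: run the same change twice, first with --permanent (saved
# config, survives reboot) and then without it (running firewall, effective
# now). Equivalent to --permanent followed by "firewall-cmd --reload", but
# without dropping other runtime-only rules.
fw_apply() {
    "$FWCMD" --zone="$ZONE" --permanent "$@" >/dev/null || return 1
    "$FWCMD" --zone="$ZONE" "$@" >/dev/null || return 1
}

fw_open_port()    { fw_apply --add-port="$1"; }      # e.g. 80/tcp
fw_close_port()   { fw_apply --remove-port="$1"; }
fw_open_service() { fw_apply --add-service="$1"; }   # e.g. https

# Rich rule that silently drops HTTP from one IPv4 subnet. Only "drop" or
# "reject" blocks traffic; "accept" (as in the original rule) allows it.
fw_block_http_from() {
    fw_apply --add-rich-rule="rule family=\"ipv4\" source address=\"$1\" port port=\"80\" protocol=\"tcp\" drop"
}

# Ask the running firewall whether a port is open (exit 0 = open).
fw_port_is_open() { "$FWCMD" --zone="$ZONE" --query-port="$1" >/dev/null; }

# zone_unexpected LISTING ALLOWED...: parse the text printed by
# "firewall-cmd --zone=Z --list-all", print every entry on the "services:"
# and "ports:" lines that is not in ALLOWED, and return 1 if any were found.
zone_unexpected() {
    local listing="$1"; shift
    local allowed=" $* "
    local found=0 item
    # "forward-ports:" does not match because the regex is anchored at the
    # start of the line (after optional indentation).
    for item in $(printf '%s\n' "$listing" | awk '/^ *(services|ports):/ { $1=""; print }'); do
        case "$allowed" in
            *" $item "*) ;;
            *) printf '%s\n' "$item"; found=1 ;;
        esac
    done
    return $found
}

# Constructed sample of --list-all output (assumption; not from a real host).
SAMPLE_LISTING='public (default, active)
  interfaces: eno16780032
  sources:
  services: dhcpv6-client ssh http
  ports: 8443/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="10.10.0.0/20" port port="80" protocol="tcp" drop'

# Only touches a real firewall when explicitly asked and firewall-cmd exists.
if [ "${1:-}" = "--apply" ] && command -v "$FWCMD" >/dev/null 2>&1; then
    fw_open_port 80/tcp
    fw_open_service https
    fw_block_http_from 10.10.0.0/20
    fw_port_is_open 80/tcp && echo "80/tcp is open in zone $ZONE"
    zone_unexpected "$("$FWCMD" --zone="$ZONE" --list-all)" dhcpv6-client ssh https 80/tcp \
        && echo "no unexpected services or ports in zone $ZONE"
fi
```

Run it as root with --apply to make the changes; without arguments it only defines the functions, so it can be sourced from another script. The audit is useful after any change because firewalld keeps two configurations: compare the output of --list-all with and without --permanent, and anything that shows up in only one of them will either disappear at the next reload or appear at the next reboot.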
