Pre-requisites:
A system with CentOS Stream 9 installed and running
Access to a terminal or command line
Root or sudo privileges
This guide introduces you to firewalld and provides basic configuration steps.
Checking the status of Firewalld
firewall-cmd --state
The output should say running or not running.
View the status of the FirewallD daemon
systemctl status firewalld
To reload the firewalld configuration (this applies changes made with --permanent to the running firewall):
firewall-cmd --reload
Viewing firewall rules
firewall-cmd --list-all
Get configurations for all zones
firewall-cmd --list-all-zones
To get all configurations for a specific zone
firewall-cmd --zone=public --list-all
Enable a service
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=https --permanent
Disable the service
firewall-cmd --zone=public --remove-service=http --permanent
firewall-cmd --zone=public --remove-service=https --permanent
Opening a port
Port 80 is the default port for the http protocol for web browsing
Port 443 is the default port for the https protocol for web browsing
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp
Closing a port
firewall-cmd --zone=public --remove-port=80/tcp --permanent
firewall-cmd --zone=public --remove-port=443/tcp --permanent
List open ports
firewall-cmd --zone=public --list-ports
View default available services
firewall-cmd --get-services
List sources for your zone
firewall-cmd --permanent --zone=public --list-sources
If there are none, you can start adding them; this is your "whitelist":
firewall-cmd --permanent --zone=public --add-source=192.168.100.0/24
To remove the address range from the whitelist:
firewall-cmd --permanent --zone=public --remove-source=192.168.100.0/24
Block an IP Address
firewall-cmd --add-rich-rule="rule family=ipv4 source address=192.168.100.24 reject" --permanent
To make the rule take effect, reload firewalld:
firewall-cmd --reload
Display the current rich rule settings
firewall-cmd --list-rich-rules
Remove a rich rule
firewall-cmd --remove-rich-rule='rule family=ipv4 source address=192.168.100.24 reject' --permanent
To make the removal take effect, reload firewalld:
firewall-cmd --reload
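The commands above change the permanent configuration, which the running firewall only picks up after --reload, so it is worth checking that the two agree. The script below is an added example, not part of the original guide; the helper names fw_drift and fw_check_zone and the sample lists are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent
# configuration. fw_drift and fw_check_zone are hypothetical helper names.

# fw_drift RUNTIME_LIST PERMANENT_LIST
# Both arguments are space-separated lists as printed by
# `firewall-cmd --list-services` or `firewall-cmd --list-ports`.
fw_drift() {
    _rt=$(echo $1)   # unquoted on purpose: collapses runs of whitespace
    _pm=$(echo $2)
    for _i in $_rt; do
        case " $_pm " in
            *" $_i "*) ;;                    # present in both configurations
            *) echo "runtime-only $_i" ;;    # active now, gone after --reload
        esac
    done
    for _i in $_pm; do
        case " $_rt " in
            *" $_i "*) ;;
            *) echo "permanent-only $_i" ;;  # saved, inactive until --reload
        esac
    done
}

# fw_check_zone [ZONE]: run the comparison on a host where firewalld is running.
fw_check_zone() {
    _zone=${1:-public}
    for _kind in services ports; do
        fw_drift "$(firewall-cmd --zone="$_zone" --list-$_kind)" \
                 "$(firewall-cmd --permanent --zone="$_zone" --list-$_kind)"
    done
}

# Constructed sample: http and https were added with --permanent,
# but firewalld has not been reloaded yet.
fw_drift "ssh" "ssh http https"
```

On a live system, call fw_check_zone public; no output means the running and saved rules for services and ports match.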
For more information: