Firewalld is a firewall management tool that comes pre-installed on many Linux distributions. Here are the steps to install and configure Firewalld:
- Install Firewalld
To install Firewalld, use the package manager for your Linux distribution. For example, on CentOS/RHEL/Fedora, you can use the following command:
sudo yum install firewalld
On Debian/Ubuntu, you can use the following command:
sudo apt-get install firewalld
- Start and enable Firewalld
Once Firewalld is installed, start and enable the service so that it starts automatically at boot time:
sudo systemctl start firewalld
sudo systemctl enable firewalld
- Allow and block services/ports
Firewalld allows you to configure zones for different network locations, such as public, home, or work. Each zone has a default set of rules that can be customized. For example, to allow incoming SSH traffic on the public zone, use the following command:
sudo firewall-cmd --zone=public --add-service=ssh --permanent
This command adds the ssh service to the public zone and makes the rule permanent, so that it persists across reboots.
To block incoming traffic on a specific port, you can use the following command:
sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent
This command removes the port 8080/tcp from the public zone and makes the rule permanent.
- Reload and check the configuration
After making changes to the firewall configuration, reload the configuration using the following command:
sudo firewall-cmd --reload
You can also check the status of the firewall and the active rules using the following command:
sudo firewall-cmd --list-all
This command displays the status of the firewall, the configured zones, and the active rules.
Note: It is important to carefully review and test your firewall rules to ensure that they are properly configured and do not block legitimate traffic. It is also important to regularly review and update your firewall rules to stay ahead of emerging threats.
