How to Install and Configure Firewalld on Centos



Hello friends, today I want to talk about how to install and configure a firewall on CentOS 8.2. I'll do my best to explain it simply, easily and in a newbie-friendly way.

Introduction

I want to start by telling you about "firewalld": it is a firewall management tool which, according to my research, acts as a frontend for the iptables packet filtering system provided by the Linux kernel. I'll try to guide you through setting up a firewall for your server. I'll keep it as simple as possible, so let's start.

Install and Enable the Firewall

Open up a terminal and let's start writing some commands.
First, let's check if "firewalld" is installed on your system by running this command:

sudo firewall-cmd --state

If you get "command not found", that means firewalld isn't installed, so now we need to install it by typing:

sudo dnf install firewalld

After you install it you need to start it, and make sure it runs automatically every time you restart your system, by typing two simple commands:

sudo systemctl start firewalld
sudo systemctl enable firewalld

The first command starts firewalld and the second one makes it start automatically when the system boots. After that you need to make sure everything is good and running by typing:

sudo firewall-cmd --state

The output should be "running", which means firewalld is running and everything is fine. You can also double-check by typing:

sudo systemctl status firewalld

You should get a long output containing the words "active (running)", usually in green. If that is the case then congratulations! You have your firewall up and running, and it is ready for our configuration. Rebooting is up to you, but you may want to reboot to make sure the firewall really starts automatically at boot, by typing:

sudo reboot


Zones in Firewalld

First let me give you the official, complicated definition: "The default zone is the zone that is used for every firewall feature that is not explicitly bound to another zone. You can get the default zone set for network connections and interfaces by running."

I will leave it at that and not go deeply into definitions. We will work with the "public" zone for this article, because I assume you have a VPS with CentOS 8.2 and you want to configure a firewall on it. Don't get me wrong, understanding this stuff is important, but I'm here to guide you to a working firewall in the end.
You can get all the available zones on the system by typing:

sudo firewall-cmd --get-zones

You can also get the default zone on the system by typing:

sudo firewall-cmd --get-default-zone


Open and Block Services and ports in Firewalld

Services are basically the running applications on your machine, for example a web server, a mail server, a MySQL server, etc.
Ports are the numbers the server is listening on; for example the web server [http] listens for requests on port number 80 and [https] listens for requests on port number [143].
If we need to allow http to accept requests, we must tell the firewall to open up the service [http] or the port number [80] -which I don't recommend, by the way- by typing:

sudo firewall-cmd --zone=public --add-service=http --permanent

Let's simplify it a little.
First we specify the zone that we want the service to apply to, which in our case will be "public". If we don't specify a zone, the default one will be used.
Second we add the service called "http", which can be any service known to the system, for example "https" or "smtps". To check all the available services type:

sudo firewall-cmd --get-services

Third we added another option called "permanent", which means the specific service will be permanently allowed through our firewall unless we remove or block it ourselves.

If we need to remove or block a service, we simply type:

sudo firewall-cmd --zone=public --remove-service=http --permanent

You should reload the firewall rules so they take effect immediately -and you should do this every time you finish configuring the firewall-. It is like restarting the firewall service, but safer. To reload the firewall type:

sudo firewall-cmd --reload


Note: To be on the safe side, you shouldn't open a port number manually unless you know exactly what you are doing, or you need to open a specific port for some reason. I don't recommend opening ports to allow something unless you need it for something specific; always use services.


If we need to open up a port in the firewall, we simply type:

sudo firewall-cmd --zone=public --add-port=80/tcp --permanent

And if we need to remove or block a port in the firewall, we simply type:

sudo firewall-cmd --zone=public --remove-port=80/tcp --permanent


List allowed services and ports on the system

If you want to know the currently allowed services on your system, type:

sudo firewall-cmd --list-services

And for listing the currently allowed ports on the system, type:

sudo firewall-cmd --list-ports

To list the services or ports currently allowed in a specific zone, say "public", simply add --zone=public to the two commands above.
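As an added example (not code from the original post), here is a small shell wrapper around the firewall-cmd calls from the "Open and Block" and "List allowed services" sections above. It assumes the "public" zone as in the post; FW_APPLY=1 is an assumed environment switch that decides whether commands really run or are only printed for review, and the port-spec check rejects typos such as "80" or "443/tpc" before they reach the firewall. Which port a named service actually maps to can be confirmed with firewall-cmd --info-service=<name> before opening anything.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumes the "public" zone and
# an assumed FW_APPLY=1 switch: without it, commands are only printed.
set -eu

ZONE="${ZONE:-public}"

# Run firewall-cmd only when FW_APPLY=1; otherwise print the command so the
# change can be reviewed first (a wrong rule can lock you out of a VPS).
fw() {
    if [ "${FW_APPLY:-0}" = "1" ]; then
        sudo firewall-cmd "$@"
    else
        echo "would run: firewall-cmd $*"
    fi
}

# Accept only "<port>/tcp" or "<port>/udp" with a port in 1..65535.
valid_port_spec() {
    case "$1" in
        */tcp|*/udp) ;;
        *) return 1 ;;
    esac
    port="${1%/*}"
    case "$port" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Open a named service permanently in the zone, then reload as the post does.
allow_service() {
    fw --zone="$ZONE" --add-service="$1" --permanent
    fw --reload
}

# Open a raw port only after the spec has been validated.
allow_port() {
    valid_port_spec "$1" || { echo "bad port spec: $1" >&2; return 1; }
    fw --zone="$ZONE" --add-port="$1" --permanent
    fw --reload
}

# Check the space-separated list that "firewall-cmd --list-services" prints
# (constructed sample: "cockpit dhcpv6-client ssh") for one service name.
service_listed() {
    name="$1"; list="$2"
    for s in $list; do [ "$s" = "$name" ] && return 0; done
    return 1
}
```

After applying with FW_APPLY=1, verify the result with `service_listed http "$(sudo firewall-cmd --zone=public --list-services)"`.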

That was the simplest way of installing, configuring and running firewalld on your system. Thank you for reading, and I really hope this post helped you.
