Dorokhov.codes

Setting up a firewall

Firewalls provide a basic level of security for your server: they deny traffic to every port on the server except the ports/services you have explicitly approved.

There's a nice firewall for CentOS called firewalld, and its command-line tool, firewall-cmd, is used to configure the firewall policies. Our basic strategy will be to lock down everything that we do not have a good reason to keep open.

Installation

sudo yum install firewalld
sudo systemctl start firewalld
sudo systemctl enable firewalld

Configuring

The --permanent option writes a change to the permanent configuration. Such changes are not effective immediately, only after the service is restarted/reloaded or the system reboots. Without the --permanent option, a change applies to the runtime configuration only and is lost on the next reload or reboot.

If you want to make a change in runtime and permanent configuration, use the same call with and without the --permanent option.

Adding necessary services:

sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --permanent --add-service=smtp

Removing services:

sudo firewall-cmd --permanent --remove-service=ssh

You can also open any custom port/service. In that case you need to include the protocol that the service uses together with the port number.

sudo firewall-cmd --permanent --add-port=4444/tcp

All the services we can use:

sudo firewall-cmd --get-services

See the current permanent configuration (drop --permanent to see the runtime configuration that is actually in effect right now):

sudo firewall-cmd --permanent --list-all

When you are ready to implement the changes, reload the firewall:

sudo firewall-cmd --reload
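As an added example (not from the original post), here is the lock-down strategy above as a small POSIX shell script: it issues every add/remove call twice, once for the runtime and once for the permanent configuration, and can be dry-run before anything is applied. The function names, the allowed-service list and the DRY_RUN/RUN_LOCKDOWN variables are assumptions of this example.

```shell
#!/bin/sh
# Lock a CentOS host down with firewalld: allow only the services we need and
# remove every other service currently enabled in the active zone. Each rule is
# issued twice, once for the runtime configuration and once with --permanent.
# The helper names, the service list and DRY_RUN/RUN_LOCKDOWN are this example's own.

ALLOWED_SERVICES="ssh http https"     # what we have a good reason to keep open
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# Print the two firewall-cmd calls for one service: runtime first, then permanent.
rules_for_service() {
    action="$1"    # add-service or remove-service
    svc="$2"
    echo "$FIREWALL_CMD --${action}=${svc}"
    echo "$FIREWALL_CMD --permanent --${action}=${svc}"
}

# Build the full plan. $1 = services to allow, $2 = services currently enabled
# (normally the output of `firewall-cmd --list-services`); anything enabled
# that is not in the allow list gets removed.
build_plan() {
    wanted="$1"
    current="$2"
    for svc in $wanted; do
        rules_for_service add-service "$svc"
    done
    for svc in $current; do
        case " $wanted " in
            *" $svc "*) ;;                                  # keep it
            *) rules_for_service remove-service "$svc" ;;
        esac
    done
}

# Execute the plan, or only print it when DRY_RUN=1. Keep ssh in
# ALLOWED_SERVICES when you administer the host over SSH, or this locks you out.
main() {
    current=$("$FIREWALL_CMD" --list-services 2>/dev/null || true)
    if [ "${DRY_RUN:-0}" = "1" ]; then
        build_plan "$ALLOWED_SERVICES" "$current"
        return 0
    fi
    build_plan "$ALLOWED_SERVICES" "$current" | while read -r cmd; do
        sudo $cmd || exit 1              # word splitting of $cmd is intended
    done
    sudo "$FIREWALL_CMD" --list-all      # show the resulting runtime configuration
}

if [ "${RUN_LOCKDOWN:-0}" = "1" ]; then main; fi
```

Save it as, say, lockdown.sh and run `DRY_RUN=1 RUN_LOCKDOWN=1 sh lockdown.sh` to review the generated calls before running it without DRY_RUN.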