
How To Setup Firewall using FirewallD on CentOS 8


In this tutorial, we will show you how to set up a Firewall using FirewallD on CentOS 8. For those of you who didn’t know, Firewalls play a crucial role in protecting your server from unauthorized access and potential threats. CentOS 8, a popular Linux distribution, comes with a powerful and user-friendly firewall management tool called FirewallD.

FirewallD introduces several key concepts that you should be familiar with before proceeding with the configuration. These concepts include zones, services, ports, protocols, and port forwarding.

  • Zones

FirewallD uses zones to manage the trust level of network connections. Each zone has its own set of rules that determine which traffic is allowed or denied. CentOS 8 comes with several predefined zones, such as trusted, home, internal, work, public, external, dmz, block, and drop. You can assign network interfaces to specific zones based on your security requirements.

  • Services

FirewallD uses the concept of services to represent a collection of ports and protocols that a specific service requires to function properly. CentOS 8 includes a set of predefined services, but you can also create your own custom service definitions to suit your needs.

  • Ports, Protocols, and Port Forwarding

FirewallD allows you to open or close specific ports and control traffic based on protocols like TCP, UDP, or ICMP. Additionally, you can configure port forwarding rules to redirect traffic from one port to another, enabling you to run services on non-standard ports while still maintaining security.

  • Runtime vs Permanent Configuration

FirewallD distinguishes between runtime and permanent configurations. Runtime configurations are applied immediately but are lost upon reboot, while permanent configurations persist across system restarts. It’s essential to save your runtime configuration to make it permanent.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and, most importantly, host your site on your own VPS. The installation is quite simple and assumes you are running as the root account; if not, you may need to prefix the commands with 'sudo' to get root privileges. I will show you step by step how to set up a firewall using FirewallD on CentOS 8.

Prerequisites

  • A server running CentOS 8.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A network connection or internet access.
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Setup Firewall using FirewallD on CentOS 8

Step 1. First, let’s start by ensuring your system is up-to-date.

sudo dnf install epel-release
sudo dnf update

Step 2. Installing FirewallD on CentOS 8.

Firewalld is installed by default on CentOS 8 systems, but if it is not installed on your system, you can install it with the following commands:

sudo dnf install firewalld
sudo systemctl enable firewalld --now

To enable Firewalld to start automatically at system boot and start it now:

sudo systemctl enable firewalld
sudo systemctl start firewalld

Check the current status of Firewalld and see if it’s running:

sudo systemctl status firewalld

Step 3. Setup and configuration of FirewallD.

Below are the predefined zones included in FirewallD:

  • drop – Drops all incoming packets without any reply; only outgoing connections are allowed.
  • block – Same as the drop zone, but incoming connections are rejected with an icmp-host-prohibited (IPv4) or icmp6-adm-prohibited (IPv6) message.
  • public – For use in untrusted public areas.
  • external – For external networks when the firewall acts as a gateway. It is configured for NAT masquerading, so the internal network stays private but can still reach outside.
  • internal – For the internal network; only selected incoming connections are accepted.
  • dmz – Demilitarized zone, for computers that are publicly accessible but have limited access to the internal network; only selected incoming connections are accepted.
  • work – For use on work machines.
  • home – For use on home machines.
  • trusted – All network connections are accepted.

The public zone is the default zone once the firewall service is enabled. To list all available zones, run:

firewall-cmd --get-zones

The commands below change the default zone and then verify the change:

firewall-cmd --set-default-zone=home
firewall-cmd --get-default-zone

For example, to open HTTP (port 80) and HTTPS (port 443), run the following commands, which open the services temporarily (runtime only):

firewall-cmd --zone=public --add-service=http
firewall-cmd --zone=public --add-service=https

The following commands open them permanently:

firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https

To apply the permanent changes, reload the firewall:

firewall-cmd --reload

Check the open ports and services in the zone:

firewall-cmd --list-all
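Because a runtime change that was never made permanent disappears on reload or reboot, it is worth comparing the runtime and permanent views of a zone and checking both against the set of services you actually intend to expose. The script below is an added example and not part of the original tutorial: it never calls firewall-cmd itself, but parses two constructed samples shaped like the output of `firewall-cmd --zone=public --list-all` (runtime) and `firewall-cmd --zone=public --permanent --list-all` (permanent); the helper names and the allowlist `ssh http https` are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the tutorial): audit a FirewallD zone's runtime and
# permanent service lists against an allowlist and report drift between them.
# firewall-cmd is never invoked; the two outputs below are constructed samples.
set -u

# Constructed sample: runtime view after `--add-service=http/https` without --permanent.
RUNTIME_LIST_ALL='public (active)
  target: default
  interfaces: eth0
  services: cockpit dhcpv6-client http https ssh
  ports:
  forward-ports:
  rich rules:'

# Constructed sample: permanent view, where http/https were never saved.
PERMANENT_LIST_ALL='public
  target: default
  interfaces: eth0
  services: cockpit dhcpv6-client ssh
  ports:
  forward-ports:
  rich rules:'

# zone_services <list-all output> -> sorted, space-separated service names
zone_services() {
  printf '%s\n' "$1" | awk '/^[[:space:]]*services:/ { $1 = ""; print }' \
    | tr -s ' ' '\n' | sed '/^$/d' | sort | tr '\n' ' ' | sed 's/ $//'
}

# not_in_allowlist <services> <allowlist> -> services absent from the allowlist
not_in_allowlist() {
  local out="" s
  for s in $1; do
    case " $2 " in *" $s "*) ;; *) out="$out $s" ;; esac
  done
  printf '%s' "${out# }"
}

# report <runtime output> <permanent output> <allowlist>: print what needs fixing.
report() {
  local rt pm
  rt=$(zone_services "$1"); pm=$(zone_services "$2")
  echo "runtime services not in allowlist:    $(not_in_allowlist "$rt" "$3")"
  echo "permanent services not in allowlist:  $(not_in_allowlist "$pm" "$3")"
  echo "runtime-only (lost on reload/reboot): $(not_in_allowlist "$rt" "$pm")"
  echo "permanent-only (appear after reload): $(not_in_allowlist "$pm" "$rt")"
}

report "$RUNTIME_LIST_ALL" "$PERMANENT_LIST_ALL" "ssh http https"
```

On a real host, feed the script the live outputs of the two `--list-all` commands instead of the samples; anything reported as runtime-only is exactly what `firewall-cmd --reload` will discard.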

Congratulations! You have successfully configured Firewalld. Thanks for using this tutorial for setting up FirewallD on the CentOS 8 system. For additional help or useful information, we recommend you check the official FirewallD website.


r00t
