How to Configure ‘FirewallD’ in RHEL/CentOS 7 and Fedora 21

Step 3: Setting Default Zone

4. To set the default zone to internal, external, drop, work or any other zone, use the command below. Here we use the “internal” zone as the default.

# firewall-cmd --set-default-zone=internal

5. After setting the zone, verify the default zone using the command below.

# firewall-cmd --get-default-zone

6. Here, our interface is enp0s3. To check which zone the interface is bound to, use the command below.

# firewall-cmd --get-zone-of-interface=enp0s3

7. Another interesting feature of firewalld is ‘icmptype‘, the ICMP types supported by firewalld. To list the supported ICMP types, use the command below.

# firewall-cmd --get-icmptypes

Step 4: Creating Own Services in Firewalld

8. Services are sets of rules, with ports and options, that are used by firewalld. Services that are enabled are loaded automatically when the firewalld service is up and running. Many services are available by default; to list all available services, use the following command.

# firewall-cmd --get-services

9. To see all the default available services, go to the following directory, which holds the service files.

# cd /usr/lib/firewalld/services/

10. To create your own service, you need to define it at the following location. For example, to add a service for RTMP on port 1935, first make a copy of any one of the existing services:

# cd /etc/firewalld/services/
# cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/

Then navigate to the location where the service file was copied, and rename the file ‘ssh.xml‘ to ‘rtmp.xml‘ as shown in the picture below.

# cd /etc/firewalld/services/

Figure: Create Firewalld Service

Figure: Add Service to Firewalld

11. Next, open the file and edit the heading, description, protocol and port number that we need for the RTMP service, as shown in the picture below.

Figure: Configure Firewalld Service

12. To activate these changes, restart the firewalld service or reload the settings.

# firewall-cmd --reload

13. To confirm whether the service was added, run the command below to list the available services.

# firewall-cmd --get-services
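
Steps 10 to 13 as a script, added here as an example (not from the original article): it derives rtmp.xml from ssh.xml and checks that the new service opens only port 1935, so a port 22 left over from the template is caught before reload. The tcp protocol, the description text and the function names are assumptions, and the ssh.xml it reads is a constructed stand-in so the script runs without touching firewalld.

```shell
#!/bin/bash
# Added example (not from the article). On a real host use
# SRC=/usr/lib/firewalld/services and DST=/etc/firewalld/services as root,
# then run `firewall-cmd --reload` and `firewall-cmd --get-services`.

# make_rtmp_service SRC DST: derive DST/rtmp.xml from SRC/ssh.xml by replacing
# heading, description and port. tcp and the description text are assumptions.
make_rtmp_service() {
    sed -e 's|<short>.*</short>|<short>RTMP</short>|' \
        -e 's|<description>.*</description>|<description>RTMP streaming (example text)</description>|' \
        -e 's|<port [^>]*/>|<port protocol="tcp" port="1935"/>|' \
        "$1/ssh.xml" > "$2/rtmp.xml"
}

# service_ports FILE: print one "protocol/port" line per <port> element.
service_ports() {
    grep -o '<port [^>]*>' "$1" | while read -r tag; do
        proto=$(printf '%s\n' "$tag" | sed -n 's/.*protocol="\([^"]*\)".*/\1/p')
        port=$(printf '%s\n' "$tag" | sed -n 's/.* port="\([^"]*\)".*/\1/p')
        echo "$proto/$port"
    done
}

# only_opens FILE PROTO/PORT: succeed only if FILE opens exactly that port.
# A port 22 left over from the ssh.xml template makes this fail.
only_opens() {
    [ "$(service_ports "$1")" = "$2" ]
}

# Constructed stand-in for /usr/lib/firewalld/services/ssh.xml
demo=$(mktemp -d)
mkdir "$demo/src" "$demo/dst"
cat > "$demo/src/ssh.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <description>Secure Shell (constructed sample)</description>
  <port protocol="tcp" port="22"/>
</service>
EOF

make_rtmp_service "$demo/src" "$demo/dst"
if only_opens "$demo/dst/rtmp.xml" tcp/1935; then
    echo "rtmp.xml opens only tcp/1935"
else
    echo "rtmp.xml opens unexpected ports:"; service_ports "$demo/dst/rtmp.xml"
fi
```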

Babin Lonston

I've been working as a System Administrator for the last 10 years, with 4 years of experience with Linux distributions, and fell in love with text-based operating systems.

19 Responses

  1. Marian says:

    Hello again,

    This is the type of error present on DNS, correlated with my previous message

    63023 ServFail 0/0/0 (40)
    62993 ServFail 0/0/0 (40)
    62993 ServFail 0/0/0 (40)
    

    correlated with

    udp port 19316 unreachable, length 78
    udp port 16456 unreachable, length 78
    udp port 10163 unreachable, length 81
    

    Marian
