1. Understanding and updating firewall
firewalld is the firewall management tool provided by default in the CentOS operating system. It supports both IPv4 and IPv6 networks, operates according to the zones (profiles) defined for it, and is highly reliable.
Original Korean article: firewall settings
- block: Allow only connections initiated from within the system and reject all other connections
- dmz: Allows connections only from allowed ports and provides connections to incoming ports.
- drop: Block all incoming connections and only allow outgoing network connections
- public: Do not trust other servers or computers on the network and allow only necessary ports and services
- trusted: Allow connections to all zones
- home: Connects to a trusted PC on the local network and allows only selected TCP/IP ports
You can use firewalld to allow or block traffic. CentOS 8 provides a custom-based firewall with a dynamic interface.
A firewall forms a barrier between the system and external sources, preventing external damage from spreading and damaging valuable internal data. Therefore, you must use a firewall, and you should not stop it just because a service is not working well.
sudo firewall-cmd --get-zones

sudo firewall-cmd --version

firewall settings
sudo systemctl status firewalld
sudo systemctl start firewalld
sudo systemctl stop firewalld
sudo systemctl restart firewalld
sudo systemctl enable firewalld
sudo systemctl disable firewalld
sudo firewall-cmd --reload
/etc/firewalld/firewalld.conf
firewalld port settings
sudo firewall-cmd --list-all
sudo firewall-cmd --list-services
OR
sudo firewall-cmd --list-services --zone=public
sudo firewall-cmd --remove-service=cockpit --permanent
sudo firewall-cmd --remove-service=dhcpv6-client --permanent
You can specify the port directly, but you can also use the service name to operate it.
sudo firewall-cmd --get-services
sudo firewall-cmd --get-services | grep http    # example: http or mysql
Service port information can be checked in the XML files in the directory below.
sudo ls -l /usr/lib/firewalld/services/
sudo cat /usr/lib/firewalld/services/ssh.xml
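The lookup above can be scripted to see which ports the services enabled in a zone actually open before deciding what to remove. This script is an added example, not part of the original article; the function names `service_ports` and `expand_services` and the sample XML files are constructed for illustration.

```shell
#!/bin/sh
# Added example: map firewalld service names to the ports they open.

# Print "port/protocol" for each <port> element of one service XML file.
# Accepts either attribute order (protocol= before or after port=).
service_ports() {
    grep -o '<port [^>]*>' "$1" | while IFS= read -r elem; do
        port=$(printf '%s\n' "$elem" | sed -n 's/.*[[:space:]]port="\([^"]*\)".*/\1/p')
        proto=$(printf '%s\n' "$elem" | sed -n 's/.*[[:space:]]protocol="\([^"]*\)".*/\1/p')
        if [ -n "$port" ] && [ -n "$proto" ]; then
            printf '%s/%s\n' "$port" "$proto"
        fi
    done
}

# Expand a space-separated service list (the format --list-services prints)
# into "service port/protocol" lines. A name with no XML file in the given
# directory is reported as MISSING instead of being silently skipped.
expand_services() {
    dir=$1
    for svc in $2; do
        if [ -f "$dir/$svc.xml" ]; then
            service_ports "$dir/$svc.xml" | sed "s|^|$svc |"
        else
            printf '%s MISSING\n' "$svc"
        fi
    done
}

# Constructed sample files that follow the layout of the XML under
# /usr/lib/firewalld/services/ (written here so the script runs offline).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/ssh.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <port protocol="tcp" port="22"/>
</service>
EOF
cat > "$demo_dir/dns.xml" <<'EOF'
<service>
  <port port="53" protocol="tcp"/>
  <port port="53" protocol="udp"/>
</service>
EOF

# "myapp" is a hypothetical name with no definition file.
expand_services "$demo_dir" "ssh dns myapp"
```

On a real host, pass `/usr/lib/firewalld/services` as the directory and the output of `sudo firewall-cmd --list-services --zone=public` as the list. A MISSING result for an enabled service usually means its definition lives in `/etc/firewalld/services` instead.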
The following command permanently adds the http port to the public zone. If you omit --permanent, the port is added only temporarily and will disappear after rebooting. After you register a service or port, firewalld must be reloaded.
sudo firewall-cmd --zone=public --add-service=http --permanent
OR
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent

sudo firewall-cmd --reload
The following command permanently deletes the http port from the public zone. If you omit --permanent, the port is deleted only temporarily and will still be there after rebooting. After you delete a service or port, firewalld must be reloaded.
sudo firewall-cmd --zone=public --remove-service=http --permanent
OR
sudo firewall-cmd --zone=public --remove-port=80/tcp --permanent

sudo firewall-cmd --reload
The firewall can be updated through git. https://firewalld.org/
FAQ
What is this article about?
This article is an English translation and global-reader adaptation of the Korean post “firewall settings.” It preserves the original article’s main explanation, examples, and practical context.
Why is it translated into English?
The English version helps global readers access Thinknote articles through English search keywords while keeping the Korean source available as the original reference.
Where can I read the original Korean version?
You can read the original Korean article here: https://www.thinknote.co.kr/firewall-port-settings/