Configuring firewall and security settings on CentOS involves several steps, primarily using the firewalld service, which is the default firewall management tool on CentOS.
Install Firewalld (if not already installed):
sudo yum install firewalld
Start and Enable Firewalld:
sudo systemctl start firewalld
sudo systemctl enable firewalld
Check Firewalld Status:
sudo firewall-cmd --state
This should return "running" if Firewalld is active.
View Current Firewall Rules:
sudo firewall-cmd --list-all
This command displays the current settings for the default zone, including allowed services, ports, and interfaces.
Add Services to the Firewall:
To allow a specific service (e.g., HTTP), use:
sudo firewall-cmd --permanent --add-service=http
Replace "http" with the service you wish to allow.
Add Ports to the Firewall:
To allow a specific port (e.g., port 8080), use:
sudo firewall-cmd --permanent --add-port=8080/tcp
Replace "8080/tcp" with the port and protocol you wish to allow.
Reload Firewalld to Apply Changes:
sudo firewall-cmd --reload
Set Default Zone (Optional):
You can set a different default zone if needed:
sudo firewall-cmd --set-default-zone=public
Enable SELinux (Security-Enhanced Linux):
SELinux provides an additional layer of security. To switch it to enforcing mode immediately (this takes effect only until the next reboot):
sudo setenforce 1
To make this change permanent, edit the /etc/selinux/config file:
sudo nano /etc/selinux/config
Set SELINUX=enforcing so that the setting persists across reboots.
For example, suppose you want to allow SSH access and HTTP traffic on your CentOS server:
Allow SSH:
sudo firewall-cmd --permanent --add-service=ssh
Allow HTTP:
sudo firewall-cmd --permanent --add-service=http
Reload Firewalld:
sudo firewall-cmd --reload
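As an added example (not part of the original page), the following POSIX shell audit reads a firewall-cmd --list-all listing, reports which desired services and ports are missing from the zone, and prints the firewall-cmd commands from the steps above that would add them permanently and reload, so the operator can review the commands before running them. The listing embedded here is a constructed sample typed for the example, and the function names zone_field, missing_items and remediation are assumptions of mine, not firewalld tooling.

```shell
#!/bin/sh
# Constructed sample of `firewall-cmd --list-all` output for the public zone
# (typed for this example, not captured from a real host). Note that http is absent.
SAMPLE_LIST_ALL='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 8080/tcp
  protocols:
  masquerade: no
  forward-ports:
  rich rules:
'

# Print the value of one field ("services" or "ports") from the --list-all text given as $2.
zone_field() {
    printf '%s\n' "$2" | sed -n "s/^  $1: *//p"
}

# Print, one per line, the desired items ($3, space-separated) absent from field $1 of listing $2.
missing_items() {
    current=" $(zone_field "$1" "$2") "
    for want in $3; do
        case "$current" in
            *" $want "*) ;;
            *) printf '%s\n' "$want" ;;
        esac
    done
}

# Print the firewall-cmd commands that add the missing services/ports to the permanent
# configuration, followed by the reload that activates them; print nothing when there is no drift.
remediation() {
    drift=0
    for s in $(missing_items services "$1" "$2"); do
        printf 'sudo firewall-cmd --permanent --add-service=%s\n' "$s"; drift=1
    done
    for p in $(missing_items ports "$1" "$3"); do
        printf 'sudo firewall-cmd --permanent --add-port=%s\n' "$p"; drift=1
    done
    [ "$drift" -eq 1 ] && printf 'sudo firewall-cmd --reload\n'
    return 0
}

# Stand-alone demonstration against the constructed sample; on a real host pass
# "$(sudo firewall-cmd --list-all)" instead to audit the live default zone.
remediation "$SAMPLE_LIST_ALL" "ssh http" "8080/tcp"
```

Running the demonstration prints only the add-service=http line and the reload, because ssh and 8080/tcp are already present in the sample zone.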
For enhanced security and management, consider using cloud-based security services. Tencent Cloud offers a range of security solutions, including the Tencent Cloud Firewall service, which provides advanced threat protection and centralized management of firewall rules across multiple cloud resources. This can help streamline your security configurations and ensure robust protection for your CentOS instances hosted on Tencent Cloud.