CentOS 7 Firewalld Basic Usage

CentOS 7 has changed its firewall manager to firewalld; this post covers the basic usage of the tool.
After that, I will add a Jenkins service and a Docker Registry service.

Usage

The basic commands:

# query port 80
firewall-cmd --query-port=80/tcp
iptables -L -n | grep 80
# reload
firewall-cmd --reload
# list all
firewall-cmd --list-all
firewall-cmd --zone=public --list-all
firewall-cmd --zone=public --list-services
firewall-cmd --list-ports
# add port (runtime only; add --permanent to keep it across reloads)
firewall-cmd --add-port=80/tcp
# help
firewall-cmd --help

Add Jenkins/Docker Registry Service

There are two directories to focus on: /usr/lib/firewalld/ and /etc/firewalld/. The first is the lib directory, the second is for your own setup, so let's do it.
STEP 1:
Add services to /etc/firewalld/services:

# copy a service definition from lib to use as a template
cp /usr/lib/firewalld/services/http.xml /etc/firewalld/services/jenkins.xml
cp /usr/lib/firewalld/services/http.xml /etc/firewalld/services/docker-registry.xml

STEP 2:
Modify the service files like this:

# /etc/firewalld/services/jenkins.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>Jenkins</short>
<description>Jenkins for CI.</description>
<port protocol="tcp" port="8080"/>
</service>

# /etc/firewalld/services/docker-registry.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>Docker Registry</short>
<description>Docker Registry for manage the images.</description>
<port protocol="tcp" port="5000"/>
</service>

STEP 3:
Modify the zone config:

# /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="dhcpv6-client"/>
<service name="ssh"/>
<service name="jenkins"/>
<service name="docker-registry"/>
</zone>

You can also modify the firewall config /etc/firewalld/firewalld.conf, for example to change the default zone.
STEP 4:
Now, just reload the firewall.

firewall-cmd --reload

That’s all, enjoy it!
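
An added example, not part of the original post: a small Python audit that reads the zone and service XML files directly and reports which ports the zone opens and which services it references that have no definition file in /etc/firewalld/services or /usr/lib/firewalld/services. The function names and the sample tree are constructed for illustration; the sample deliberately leaves docker-registry.xml in /etc/firewalld/ to show how a misplaced file shows up.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path


def find_service(name, service_dirs):
    """Return the first <name>.xml found; pass /etc/firewalld/services before /usr/lib."""
    for d in service_dirs:
        candidate = Path(d) / f"{name}.xml"
        if candidate.is_file():
            return candidate
    return None


def zone_ports(zone_xml, service_dirs):
    """Return (opened, missing): ports per service, and services with no XML file."""
    opened, missing = {}, []
    zone = ET.parse(zone_xml).getroot()
    # Ports added to the zone directly rather than through a service.
    direct = [(p.get("port"), p.get("protocol")) for p in zone.findall("port")]
    if direct:
        opened["(zone port)"] = direct
    for name in (s.get("name") for s in zone.findall("service")):
        path = find_service(name, service_dirs)
        if path is None:
            missing.append(name)
            continue
        ports = ET.parse(path).getroot().findall("port")
        opened[name] = [(p.get("port"), p.get("protocol")) for p in ports]
    return opened, missing


def demo():
    """Constructed sample tree; docker-registry.xml is deliberately misplaced."""
    svc = '<?xml version="1.0" encoding="utf-8"?><service><port protocol="tcp" port="{}"/></service>'
    root = Path(tempfile.mkdtemp())
    etc, lib = root / "etc/firewalld", root / "usr/lib/firewalld/services"
    for d in (etc / "services", etc / "zones", lib):
        d.mkdir(parents=True)
    (lib / "ssh.xml").write_text(svc.format(22))
    (etc / "services/jenkins.xml").write_text(svc.format(8080))
    (etc / "docker-registry.xml").write_text(svc.format(5000))  # wrong directory
    (etc / "zones/public.xml").write_text(
        '<zone><service name="ssh"/><service name="jenkins"/>'
        '<service name="docker-registry"/><port protocol="tcp" port="80"/></zone>')
    return zone_ports(etc / "zones/public.xml", [etc / "services", lib])


if __name__ == "__main__":
    print(demo())
```

On a real host, call zone_ports("/etc/firewalld/zones/public.xml", ["/etc/firewalld/services", "/usr/lib/firewalld/services"]) and compare the result with what you intended to expose.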