I generally use setup or system-config-firewall commands to configure firewall in CentOS machines. But the same commands in CentOS 7 failed with an error message ERROR: FirewallD is active, please use firewall-cmd.
$setup ERROR: FirewallD is active, please use firewall-cmd. ERROR: FirewallD is active, please use firewall-cmd.
The above error message recommends to use firewall-cmd command, which actually uses firewalld service.
Firewalld is a new service that replaces system-config-firewall in latest versions of CentOS. It allows you to manage firewall dynamically to define trust level of network connections or interfaces. When enabled, the service starts during the system boot and when it’s listening, the commands such as setup and system-config-firewall will not work.
You can check the status of firewalld as shown below:
$service firewalld status Redirecting to /bin/systemctl status firewalld.service â firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: active (running)
$firewall-cmd --state running
Configuring firewalld using GUI tool
You can use firewall-config command which provides a graphical user interface to configure firewalld. If you don’t have one, install it using yum.
$yum install firewall-config
How to use firewall-cmd command?
The first thing to do is check the man page of firewall-cmd.
For example, to allow port 80 in the firewall, below is the command.
$firewall-cmd --add-port=80/tcp --permanent success
Here’s a complete guide on firewalld usage commands.
How to get back system-config-firewall or setup commands?
Simple, you need to shutdown firewalld daemon.
$service firewalld stop Redirecting to /bin/systemctl stop firewalld.service