In Linux, Netfilter is the kernel framework that serves as the firewall. Firewalld is a dynamic firewall daemon that manages it using network zones. Prior to RHEL and CentOS 7, packet filtering was configured through the iptables daemon. Iptables is no longer supported in RHEL/CentOS 7/8, Fedora, or openSUSE in favor of the firewalld-based interface.
Because iptables is being phased out, it is advisable to switch to Firewalld. Iptables can still be installed with yum, but Firewalld and iptables must never run on the same machine, since the two would conflict.
Where iptables was configured through the INPUT, OUTPUT and FORWARD chains, Firewalld uses zones instead. This post goes over the zones that ship with firewalld by default.
Firewalld and its zone support
Public and private are the basic zones. For a zone to take effect, assign the interface to it before adding services to that zone in firewalld.
One of the main benefits of firewalld is that it ships with pre-defined services, which serve as templates: copy one and edit it to create your own service.
Firewalld supports IPv4, IPv6, and Ethernet bridges. It also keeps the runtime configuration separate from the permanent configuration, so a change can be tried on the running firewall before being made to survive a restart.
Let's get started by learning how to use zones, build our own services, and explore other useful firewalld features.
1. In RHEL/CentOS 7/8, Fedora and openSUSE, the firewalld package is installed by default. If it is missing, install it with the yum command.
2. If the iptables service is running, stop and mask (disable) it so that firewalld can take control of the firewall.
3. Before configuring firewalld, review the available zones. Several zones are enabled out of the box, and each interface must be assigned to a zone. Zones fall into two types: trusted and untrusted. Services and ports are defined within a zone.
4. Use the following command to set the default zone to internal, external, drop, work, or any other zone. In this example the default is set to “internal”.
5. To build your own service, go to the following location and fill in the details of the service. The first step is to clone one of the existing service definitions, such as the one for RTMP on port 1935.
6. Open any of the defined ports for a network source range. As an example, open port 1935 for the range 192.168.0.0/24.
7. After making the changes above, remember to reload the firewall and list the rules to confirm them.
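The seven steps above as one script, added here as an example and not code from the original post. It assumes root on a host using firewall-cmd and systemctl; the zone name "internal", the service name "rtmp", port 1935/tcp and the source range 192.168.0.0/24 are taken from the post, while the service directory /etc/firewalld/services, the rich-rule form used to limit the port to one source range, and the "apply" argument are assumptions of this example. Run with no argument it only defines the functions, so the XML and rule helpers can be inspected on a machine without firewalld.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: root on a firewalld
# host; zone "internal", service "rtmp", port 1935/tcp and source
# 192.168.0.0/24 are the post's values; the paths and rule form are ours.
# With no argument only the functions are defined; "apply" runs the steps.
set -eu

FIREWALLD_SERVICE_DIR="${FIREWALLD_SERVICE_DIR:-/etc/firewalld/services}"
ZONE="${ZONE:-internal}"
SERVICE="${SERVICE:-rtmp}"
PORT="${PORT:-1935}"
SOURCE_NET="${SOURCE_NET:-192.168.0.0/24}"

# Step 1: install firewalld if it is not already present.
install_firewalld() {
  command -v firewall-cmd >/dev/null 2>&1 || yum -y install firewalld
}

# Step 2: stop and mask iptables so it cannot be started alongside firewalld,
# then make sure firewalld itself is enabled and running.
disable_iptables() {
  systemctl stop iptables 2>/dev/null || true
  systemctl mask iptables 2>/dev/null || true
  systemctl enable --now firewalld
}

# Step 3: review the zones and which interfaces are bound to them.
show_zones() {
  firewall-cmd --get-zones
  firewall-cmd --get-active-zones
  firewall-cmd --get-default-zone
}

# Step 4: make the chosen zone the default for interfaces with no explicit zone.
set_default_zone() {
  firewall-cmd --set-default-zone="$ZONE"
}

# Step 5: a custom service definition. The post clones one of the pre-defined
# service files; here the XML is written directly so the helper works anywhere.
# $1 = service name, $2 = TCP port.
service_xml() {
  cat <<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>$1</short>
  <description>Custom service for TCP port $2 (constructed example)</description>
  <port protocol="tcp" port="$2"/>
</service>
EOF
}

# Write the service into the admin-owned directory (assumed /etc/firewalld/
# services, which package updates leave alone, unlike /usr/lib/firewalld).
write_service() {
  mkdir -p "$FIREWALLD_SERVICE_DIR"
  service_xml "$SERVICE" "$PORT" > "$FIREWALLD_SERVICE_DIR/$SERVICE.xml"
}

# Step 6: a rich rule that accepts the port only from the given source range.
# Adding the service zone-wide with --add-service would instead open the port
# to every source in the zone, so the rule is deliberately source-scoped.
# $1 = source network, $2 = TCP port. Printed so it can be inspected or tested.
rich_rule() {
  printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept' "$1" "$2"
}

open_port_for_source() {
  firewall-cmd --permanent --zone="$ZONE" \
    --add-rich-rule="$(rich_rule "$SOURCE_NET" "$PORT")"
}

# Step 7: load the permanent configuration into the runtime and list the result.
reload_and_list() {
  firewall-cmd --reload
  firewall-cmd --zone="$ZONE" --list-all
}

main() {
  install_firewalld
  disable_iptables
  show_zones
  set_default_zone
  write_service
  firewall-cmd --reload   # so firewalld learns the new service name
  open_port_for_source
  reload_and_list
}

case "${1:-}" in
  apply) main ;;
esac
```

Usage: `sh firewalld-steps.sh apply`. The permanent rule is written first and only becomes active at the reload in step 7, which is the runtime/permanent split described earlier; `--list-all` on the zone is the check that the rich rule, and nothing broader, is what got applied.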
Conclusion
Every Linux distribution uses Netfilter as the foundation of its firewall. In older RHEL and CentOS releases we used iptables, but more recent releases ship Firewalld instead. Firewalld is simpler to understand and put into practice. Follow Infinitive Host for more such interesting topics.