How to configure your Dedicated Server Firewall on CentOS 7.x
Configuring your Dedicated Server Firewall
A firewall can be used to block communications that are deemed unauthorized traffic, can prevent hacking attempts, and can aid in mitigating DoS attacks. It is important to enable your Dedicated Server's firewall to deny any unauthorized traffic to your server.
This guide is for CentOS only. If you do not have CentOS on your Dedicated Server, please go to our Debian-based article on how to configure your firewall.
To enable the firewall, you will need to run the following command:
yum install firewalld -y && systemctl enable firewalld && systemctl start firewalld
You should see installation output scroll by, then be returned to the shell prompt. Once this has completed, you are free to configure your firewall.
The most common firewall configurations deal with stopping SSH brute-force attacks, or with common services that are installed on servers, such as DNS, SMTP, and a whole host of others.
Here, we'll be using the basic syntax to open ports. It is implicit (understood) that all ports that are not opened are closed.
To open a specific port, run the following command, replacing <port number> with the port of your choice:
firewall-cmd --permanent --zone=public --add-port=<port number>/tcp
firewall-cmd --permanent --zone=public --add-port=<port number>/udp
You may also open port ranges:
firewall-cmd --permanent --zone=public --add-port=<starting port>-<ending port>/tcp
firewall-cmd --permanent --zone=public --add-port=<starting port>-<ending port>/udp
You can also open ports for certain services. We'll be opening the SSH port here.
firewall-cmd --permanent --zone=public --add-port=22/tcp
or
firewall-cmd --permanent --zone=public --add-service=ssh
To apply the changes, you'll need to run the following command:
firewall-cmd --reload
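The whole procedure above (add permanent rules, reload, then confirm) as an added example that is not part of the original article. It checks each port or range before anything is changed and only prints the commands unless FW_APPLY=1 is set; the function names and the FW_ZONE / FW_APPLY variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: names (valid_port, valid_spec, run, apply_rules) and the
# FW_ZONE / FW_APPLY variables are assumptions of this sketch, not firewalld's.
FW_ZONE="${FW_ZONE:-public}"

# valid_port N: succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_spec SPEC: accepts "22/tcp" or "8000-8100/udp", rejects anything else
valid_spec() {
    spec=$1
    case "$spec" in */*) ;; *) return 1 ;; esac
    proto=${spec##*/}
    ports=${spec%/*}
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$ports" in
        *-*) start=${ports%%-*}; end=${ports#*-}
             valid_port "$start" && valid_port "$end" && [ "$start" -le "$end" ] ;;
        *)   valid_port "$ports" ;;
    esac
}

# run CMD...: print the command (dry run) unless FW_APPLY=1, then execute it
run() {
    if [ "${FW_APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# apply_rules SPEC...: validate every spec first so a typo changes nothing,
# add the permanent rules, reload, then list the zone to confirm the result
apply_rules() {
    for s in "$@"; do
        valid_spec "$s" || { echo "rejected: $s" >&2; return 1; }
    done
    for s in "$@"; do
        run firewall-cmd --permanent --zone="$FW_ZONE" --add-port="$s" || return 1
    done
    run firewall-cmd --reload && run firewall-cmd --zone="$FW_ZONE" --list-all
}

# Constructed sample input; prints the four commands without touching the firewall
apply_rules 22/tcp 8000-8100/udp
```

The final --list-all call shows the ports and services the zone actually allows after the reload, which is the quickest way to confirm that nothing beyond the intended ports was opened.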
Updated on: 26/01/2021