Configure FirewallD on CentOS or Rocky Linux to protect your server with zone-based firewall rules and service management.
Secure your CentOS/Rocky Linux 9 server by implementing FirewallD. This guide covers essential security measures to protect your VPS.
FirewallD is the default firewall solution for RHEL-based distributions like CentOS and Rocky Linux. It provides dynamic zone-based firewall management without requiring service restarts when rules change.
sudo dnf install firewalld -y
sudo systemctl start firewalld
sudo systemctl enable firewalld
Set up basic firewall rules:
# Set default zone to public
sudo firewall-cmd --set-default-zone=public
# Allow essential services
sudo firewall-cmd --zone=public --permanent --add-service=ssh
sudo firewall-cmd --zone=public --permanent --add-service=http
sudo firewall-cmd --zone=public --permanent --add-service=https
# Allow custom port (e.g., application on port 8080)
sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp
# Remove unnecessary services
sudo firewall-cmd --zone=public --permanent --remove-service=cockpit
# Reload so the --permanent rules above take effect in the running firewall
sudo firewall-cmd --reload
sudo systemctl enable firewalld
sudo systemctl restart firewalld
sudo firewall-cmd --state
sudo firewall-cmd --list-all
sudo firewall-cmd --list-services
sudo firewall-cmd --list-ports
Your CentOS/Rocky Linux server is now protected with FirewallD. Regular security audits are recommended.
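One way to make the recommended audits repeatable is to compare the zone listing against the services and ports opened in this guide. The script below is an added example, not part of the original guide; the function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `firewall-cmd --list-all` output against this guide's allowlist.
ALLOWED_SERVICES="ssh http https"   # services opened in the guide
ALLOWED_PORTS="8080/tcp"            # custom port opened in the guide

# Constructed sample (not from a real host): cockpit still open, 3306/tcp added later.
SAMPLE_OUTPUT='public (active)
  target: default
  interfaces: eth0
  services: cockpit http https ssh
  ports: 8080/tcp 3306/tcp
  forward-ports: 
  source-ports: 
  rich rules: '

# field_values KEY: read list-all output on stdin, print the values of "KEY:".
field_values() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p"
}

# not_in ALLOWED ACTUAL: print the items of ACTUAL that are absent from ALLOWED.
not_in() (
  out=""
  for item in $2; do
    case " $1 " in
      *" $item "*) ;;
      *) out="$out $item" ;;
    esac
  done
  printf '%s\n' "${out# }"
)

# audit_zone: read list-all output on stdin, print findings, exit status 1 on drift.
audit_zone() (
  listing=$(cat)
  services=$(printf '%s\n' "$listing" | field_values services)
  ports=$(printf '%s\n' "$listing" | field_values ports)
  extra_services=$(not_in "$ALLOWED_SERVICES" "$services")
  extra_ports=$(not_in "$ALLOWED_PORTS" "$ports")
  missing=$(not_in "$services" "$ALLOWED_SERVICES")
  status=0
  if [ -n "$extra_services" ]; then echo "unexpected services: $extra_services"; status=1; fi
  if [ -n "$extra_ports" ]; then echo "unexpected ports: $extra_ports"; status=1; fi
  if [ -n "$missing" ]; then echo "missing services: $missing"; status=1; fi
  exit "$status"
)

printf '%s\n' "$SAMPLE_OUTPUT" | audit_zone || echo "drift detected"
```

On a live host, pipe `sudo firewall-cmd --zone=public --list-all` into `audit_zone`; add `--permanent` to audit the saved configuration instead of the running one.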