Mastering Firewall Management in RHEL

Published On: 4 March 2025

Objective

Network security is an integral part of administering Red Hat Enterprise Linux (RHEL) systems. A properly configured firewall is one of the primary controls that protects a system from unauthorized access, cyber threats, and malicious traffic. Managing firewalls with Firewalld is a required competency area for the RHCSA (Red Hat Certified System Administrator) certification.

This blog post is an elaborate guide on managing firewalls in RHEL with Firewalld, covering basic concepts, important commands, and advanced firewall configuration methods. Knowledge of how services, ports, and security rules are to be applied will enable you to better secure your system.

What is a Firewall in Linux?

Firewalls are barriers between a trusted internal network and untrusted external networks (e.g., the Internet) that may host malicious actors. In Linux, firewalls filter both incoming and outgoing traffic, preventing unauthorized data from reaching the system or leaving it. Firewall rules block or allow certain types of network traffic based on packet filtering criteria such as IP addresses, ports, and protocols.

Key Features of Firewalls in Linux:

  1. Packet Filtering: A firewall inspects every packet entering or leaving your network and decides whether to pass or drop it according to preset rules.

  2. Stateful Inspection: Stateful firewalls monitor the state of connections. Therefore, rules can be applied dynamically depending on whether the connection is new, established, or related to an existing session.

  3. Zones: Firewalld uses zones in RHEL to represent varying levels of trust. This means that network interfaces can be assigned to different zones where particular security policies are enforced. 

  4. Service-level Protection: Firewalls control access to services (e.g., http on port 80, ssh on port 22), limiting the ability of unauthorized users or systems to interact with the server.

Firewalls in Linux also log the traffic they handle; this logging provides a detailed record of network usage that is very helpful when tracking security incidents and traffic patterns.

Understanding Firewalld

Firewalld is the default firewall management tool in RHEL, providing a more contemporary and dynamic approach to handling firewall rules than older tools such as iptables. Because Firewalld applies rule changes in real time instead of requiring a restart of the service, network traffic is hardly interrupted while rules are being managed.

Key Features of Firewalld:

  • Zone-Based Management: Firewalld assigns network interfaces to predefined zones (e.g., public, internal, trusted), which apply different rules based on the trust level of the network.

  • Rich Rules: These provide granular control over network traffic, allowing advanced configurations such as limiting access based on IP address or interface.

  • Dynamic Configuration: Unlike iptables, changes in Firewalld are applied immediately without needing to restart the firewall service, making it ideal for production environments where uptime is critical.

Essential Firewalld Commands for RHCSA

1. Stop, Disable, and Mask Iptables

Before enabling Firewalld, you must ensure that legacy firewall services like iptables are disabled, as they can conflict with Firewalld.

  • Stop iptables:

sudo systemctl stop iptables
  • This command stops the iptables service temporarily.

  • Disable iptables:

sudo systemctl disable iptables
  • Disables iptables so that it does not start on boot.

  • Mask iptables:

sudo systemctl mask iptables
  • Masks the iptables service, preventing it from being started manually or by dependencies.

2. Install and Start Firewalld

If Firewalld is not installed on your system, you can install it using the following command:

  • Install Firewalld:

sudo dnf install firewalld -y
  • This command installs Firewalld using the dnf package manager.

  • Start and Enable Firewalld:

sudo systemctl enable --now firewalld
  • This command ensures Firewalld starts automatically on boot and starts the service immediately.

  • Check Firewalld Status:

sudo systemctl status firewalld
  • This command shows the current status of the Firewalld service.

3. Check Firewall Configuration

Once Firewalld is running, you can view the active zones and current firewall configuration:

  • Check Firewalld State:

sudo firewall-cmd --state
  • This command shows whether Firewalld is running or not.

  • Get Active Zones:

sudo firewall-cmd --get-active-zones
  • This command displays the active zones in your system, such as public, internal, etc.

  • List All Rules:

sudo firewall-cmd --list-all
  • This command lists all the current rules in the active zone.

4. Add HTTP Service to Firewall Configuration

To allow HTTP (port 80) traffic, you can add the HTTP service:

  • Add HTTP Service:

sudo firewall-cmd --add-service=http --permanent
  • This command adds the HTTP service (port 80) to the firewall configuration permanently.

  • Reload Firewalld:

sudo firewall-cmd --reload
  • Reloading applies the changes made to the firewall.

  • Verify Services:

sudo firewall-cmd --list-services
  • This command verifies that HTTP is listed among the allowed services.

5. Create Custom Firewall Services

Sometimes, you'll need to allow traffic for custom applications. You can create custom services by defining them in XML files.

  • Create Custom Service (XML): Create an XML file for your custom application in the /etc/firewalld/services/ directory. For example, a service for a custom app running on port 8080:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>CustomApp</short>
  <description>Custom Application Port</description>
  <port protocol="tcp" port="8080"/>
</service>

  • Apply Custom Service:

sudo firewall-cmd --permanent --new-service-from-file=/etc/firewalld/services/customapp.xml
sudo firewall-cmd --permanent --add-service=customapp
sudo firewall-cmd --reload
  • These commands register the custom service, allow it in the default zone, and reload the firewall so the change takes effect.
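The following script is an added example and is not part of the original post: it builds the service definition from validated inputs instead of hand-editing XML, so a mistyped port or protocol is rejected before it reaches the firewall. The function names (xml_escape, write_service_xml, register_service) and the DRY_RUN variable are this example's own; it writes the XML to a temporary directory and registers it with --new-service-from-file (which creates the permanent definition under /etc/firewalld/services/ itself), using the --name= option that firewall-cmd accepts with that flag. By default it only prints the firewall-cmd calls; set DRY_RUN=0 on a real host to run them.

```shell
#!/bin/sh
# Added example (not from the original post): generate and register a
# firewalld service definition from validated inputs.
# xml_escape, write_service_xml and register_service are hypothetical helpers.
set -eu

# Escape the three characters that would break XML text content.
xml_escape() {
    printf '%s' "$1" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g'
}

# write_service_xml NAME SHORT DESCRIPTION PORT PROTO OUTFILE
# Refuses bad names, ports outside 1-65535 and protocols other than tcp/udp,
# so a typo cannot silently open the wrong port.
write_service_xml() {
    name=$1 short=$2 desc=$3 port=$4 proto=$5 out=$6
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "invalid service name: '$name'" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "invalid port: '$port'" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    case $proto in
        tcp|udp) ;;
        *) echo "invalid protocol: '$proto'" >&2; return 1 ;;
    esac
    cat > "$out" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>$(xml_escape "$short")</short>
  <description>$(xml_escape "$desc")</description>
  <port protocol="$proto" port="$port"/>
</service>
EOF
}

# register_service XMLFILE NAME: register the definition with firewalld and
# allow the service in the default zone. With DRY_RUN=1 (the default) the
# firewall-cmd calls are only printed; set DRY_RUN=0 to execute them.
register_service() {
    xml=$1 name=$2
    run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "+ $*"; else "$@"; fi; }
    # --new-service-from-file copies the definition into /etc/firewalld/services/,
    # so the source file can live anywhere (here: a temporary directory).
    run sudo firewall-cmd --permanent --new-service-from-file="$xml" --name="$name"
    run sudo firewall-cmd --permanent --add-service="$name"
    run sudo firewall-cmd --reload
    run sudo firewall-cmd --list-services
}

# Demo: the CustomApp service from the text, built in a temp directory.
tmp=$(mktemp -d)
write_service_xml customapp CustomApp "Custom Application Port" 8080 tcp "$tmp/customapp.xml"
cat "$tmp/customapp.xml"
register_service "$tmp/customapp.xml" customapp
rm -rf "$tmp"
```

After running with DRY_RUN=0, `firewall-cmd --list-services` should show customapp alongside the other allowed services; the validation happens before anything is written, so a rejected call leaves no partial XML file behind.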

6. Add or Remove Rich Rules

Rich rules allow advanced control over how traffic is handled based on various criteria, such as IP addresses, network interfaces, and services.

  • Add a Rich Rule (Allow SSH from a Specific IP):

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.10" service name="ssh" accept'
  • This command accepts SSH traffic from the IP address 192.168.1.10. Note that it only restricts SSH to that address if the general ssh service is not also enabled in the zone; otherwise SSH remains open to all sources.

  • Remove a Rich Rule:

sudo firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.10" service name="ssh" accept'
  • This command removes the previous rule for SSH access from the specified IP.

  • Reload Firewalld:

sudo firewall-cmd --reload
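The following audit script is an added example, not part of the original post, and ties together the configuration check from section 3, the service listing from section 4, and the rich rule above. It reads a saved copy of `firewall-cmd --list-all` output and flags the most common misreading of rich rules: a source-restricted accept rule for a service that is still enabled zone-wide (ssh is enabled by default in the public zone), which does not restrict anything. It also flags a zone target of ACCEPT and masquerading. The function names (zone_field, audit_zone, audit_count, write_sample_zone) are this example's own, and the zone dumps are constructed samples, not captured from a real host; on a live system you would feed it `firewall-cmd --list-all > zone.txt` instead.

```shell
#!/bin/sh
# Added example (not from the original post): audit a saved copy of
# `firewall-cmd --list-all` output for rules that do not do what they seem.
# zone_field, audit_zone, audit_count and write_sample_zone are hypothetical names.
set -eu

# zone_field KEY FILE: value of one "  key: value" line in a --list-all dump.
zone_field() {
    sed -n "s/^  $1: *//p" "$2"
}

# audit_zone FILE: print one FINDING line per problem; prints nothing when clean.
audit_zone() {
    file=$1
    services=$(zone_field services "$file")
    target=$(zone_field target "$file")
    masq=$(zone_field masquerade "$file")

    # A target of ACCEPT lets through everything the explicit rules do not mention.
    [ "$target" = "ACCEPT" ] && echo "FINDING: zone target is ACCEPT, unlisted traffic is allowed"
    [ "$masq" = "yes" ] && echo "FINDING: masquerade is enabled, this host NATs traffic for others"

    # A source-restricted 'accept' rich rule only restricts a service when that
    # service is NOT also enabled zone-wide on the 'services:' line.
    grep 'source address=' "$file" | grep 'service name=' | grep ' accept' |
    while read -r rule; do
        svc=$(printf '%s\n' "$rule" | sed 's/.*service name="\([^"]*\)".*/\1/')
        src=$(printf '%s\n' "$rule" | sed 's/.*source address="\([^"]*\)".*/\1/')
        for s in $services; do
            if [ "$s" = "$svc" ]; then
                echo "FINDING: $svc is enabled for all sources; the rich rule for $src is not a restriction (fix: firewall-cmd --permanent --remove-service=$svc && firewall-cmd --reload)"
            fi
        done
    done
    return 0
}

# audit_count FILE: number of findings, for scripting and tests.
audit_count() {
    audit_zone "$1" | grep -c '^FINDING' || true
}

# write_sample_zone FILE "svc1 svc2 ...": constructed --list-all dump (not real output)
# with the ssh rich rule from the text and the given services line.
write_sample_zone() {
    cat > "$1" <<EOF
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: $2
  ports: 8080/tcp
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
	rule family="ipv4" source address="192.168.1.10" service name="ssh" accept
EOF
}

# Demo: the default public zone still has ssh enabled, so the rule is flagged.
tmp=$(mktemp)
write_sample_zone "$tmp" "cockpit dhcpv6-client http ssh"
audit_zone "$tmp"
rm -f "$tmp"
```

Run against the constructed sample the script reports one finding for ssh; writing the same dump with ssh removed from the services line reports none, which is the state you want after `--remove-service=ssh` when the intent is "SSH from 192.168.1.10 only".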

Why Firewall Management is Crucial for RHCSA and Real-World Security

  • System Security: 

    • Misconfigured firewalls give attackers openings for a range of attacks, such as unauthorized access, DDoS, and malware delivery. Properly configured firewalls help secure services, control access, and prevent intrusion.

  • Compliance with Security Standards: 

    • Compliance with various regulatory frameworks (GDPR, HIPAA, PCI-DSS, etc.) also requires strict network security measures by organizations. Firewalld enforces policies that ensure compliance by controlling network traffic.

  • Optimized Network Performance:

    • Firewalls are gateway security devices that filter traffic entering and/or leaving a network. Dropping unwanted traffic at the boundary ensures that only valid traffic is passed on, which improves performance.

  • Exam Relevance:

    • The RHCSA certification demonstrates that a system administrator can configure and manage firewalls. A solid understanding of services, ports, and rules is crucial for passing the exam and demonstrating competency in real-world security practices.

  • Real-World Importance:

    • Protection Against Cyber Threats: By blocking malicious traffic and unauthorized access attempts, firewalls serve as the first line of defense in a security strategy.

    • Custom Service Creation for Security: In organizations, many applications run on non-standard ports. Being able to create custom rules for these applications ensures that only authorized traffic reaches the services.

    • Dynamic Rule Adjustment: Firewalld allows administrators to modify firewall rules without causing system downtime, which is essential for maintaining high availability in production environments.

Conclusion

Mastering Firewalld under RHEL is mandatory for the RHCSA exam and essential for securing any Linux environment effectively. With proper knowledge of zone configuration, service management, and custom rule creation, a system administrator can protect their network and systems from a wide range of threats. Firewalld's flexibility, dynamic configuration, and ease of use make it an indispensable instrument that every Linux sysadmin should have in their toolbox. If you're looking to practice firewall configurations, explore the lab on RHCSAGuru.

Whether seeking certification or just improving your system security, learning to manage firewalls effectively using Firewalld is a significant milestone on the journey to mastering Linux system administration. Begin practicing Firewalld commands today so that you have the skills needed for the challenges of tomorrow!