Friday 6 December 2019

How to Define a Service to Add in Firewall Configuration on CentOS 7




A firewall is a network security tool that provides network-level security based on a set of rules. It controls incoming and outgoing traffic.

This article describes how to define a service and add it to the firewall configuration on CentOS 7 (firewall-cmd).

Follow the article Howto Install Firewalld on CentOS 7 if firewalld is not already installed.

In the firewall configuration, a service is a set of service information, i.e. the service name, the service ports and a description of the service. The service files are available in the directory “/usr/lib/firewalld/services”.

Step 1. Check the Service Status: Run the following command to check whether the firewall is running:

[root@linuxcnf ~]# firewall-cmd --state
running
[root@linuxcnf ~]#

Step 2. Defining a Service: Run the following commands to copy an existing service file:

[root@linuxcnf ~]# cd /usr/lib/firewalld/services/
[root@linuxcnf services]# cp -p http.xml tomcat9.xml
[root@linuxcnf services]#

Modify the copied tomcat9.xml file as shown below:

[root@linuxcnf services]# vi tomcat9.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>TOMCAT9</short>
  <description>Apache Tomcat software is a free and open source Web Server that provides an HTTP web server environment for Java code.</description>
  <port protocol="tcp" port="8080"/>
</service>
[root@linuxcnf services]#

Step 3. Adding the Service: Run the following command to allow the service in the firewall:

[root@linuxcnf services]# firewall-cmd --permanent --zone=public --add-service=tomcat9
success
[root@linuxcnf services]#

Step 4. Reloading the Service: Run the following command to soft-reload the firewall service so that the changes take effect:

[root@linuxcnf services]# firewall-cmd --reload
success
[root@linuxcnf services]#

Step 5. Validate the Configuration: Run the following command to verify the configuration:

[root@linuxcnf services]# firewall-cmd --list-services | grep tomcat9
dhcpv6-client http ssh tomcat9
[root@linuxcnf services]#

Done!!! The tomcat9 service is now allowed through the Linux firewall.
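
Because Step 2 starts from a copy of another service file, a port left over from the template would be opened along with 8080. The following is an added example, not part of the original article: it lists the ports a service file opens and compares them with the ports you expect. The function names service_ports and check_service_ports are hypothetical, the two sample files are constructed, and each <port .../> element is assumed to sit on one line.

```shell
#!/bin/sh
# Added example (not from the original article): report which ports a firewalld
# service file opens, so a <port> left over from the copied template is caught
# before --add-service. Assumes each <port .../> element sits on one line.

# Print "port/protocol" for every <port> element in FILE, sorted, one per line.
service_ports() {
    grep -o '<port [^>]*>' "$1" | while read -r tag; do
        port=$(printf '%s\n' "$tag" | sed -n 's/.* port="\([^"]*\)".*/\1/p')
        proto=$(printf '%s\n' "$tag" | sed -n 's/.* protocol="\([^"]*\)".*/\1/p')
        printf '%s/%s\n' "$port" "$proto"
    done | sort -u
}

# Return 0 only if FILE opens exactly the ports listed after it.
check_service_ports() {
    file=$1; shift
    actual=$(service_ports "$file")
    expected=$(printf '%s\n' "$@" | sort -u)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "$file opens: $(echo $actual); expected: $(echo $expected)" >&2
    return 1
}

# Constructed sample files in a temporary directory (not real system files).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/tomcat9.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>TOMCAT9</short>
  <port protocol="tcp" port="8080"/>
</service>
EOF
# The same definition with the template's port 80 left in by mistake.
cat > "$SAMPLE_DIR/tomcat9-leftover.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>TOMCAT9</short>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="8080"/>
</service>
EOF

check_service_ports "$SAMPLE_DIR/tomcat9.xml" 8080/tcp && echo "tomcat9.xml: OK"
check_service_ports "$SAMPLE_DIR/tomcat9-leftover.xml" 8080/tcp || echo "leftover: extra port found"
```

Run the check against the edited tomcat9.xml before Step 3, passing the ports the service is meant to open.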
