Using a Simple Firewall in CentOS 6
Server - CentOS


The firewall has changed in CentOS 6, but it still provides a simple way of setting up a firewall. The first thing to do is install the text user interface (TUI).

yum install -y system-config-firewall-tui

 

Once it is installed, you can start the firewall configuration tool with this command:

system-config-firewall-tui

 

The firewall configuration tool no longer includes the SELinux settings, and it takes you through a number of steps to set up the firewall. Enable the firewall, then use the Tab key to move to “Customize” and select it.

[Screenshot: CentOS 6 Firewall Configuration]

Use the space key to select the services to enable. The list is greatly expanded in the version for CentOS 6. The service names come from /etc/services, a system file that maps each name to its port, so if you are wondering which port a name refers to, you can look it up in that file.

[Screenshot: CentOS 6 Firewall Configuration Trusted Services]

If the service is not listed, you can use the “Forward” button to step through entering the port number and protocol that you would like to add. Here is an example showing the port and protocol.

[Screenshot: CentOS 6 Firewall Configuration Port and Protocol]

Once this is entered, you should see it listed in the interface. This provides flexibility in firewall configuration.

[Screenshot: CentOS 6 Firewall Configuration Other Ports]

You can list interfaces that should be trusted. This means that the firewall will not affect these interfaces. Be careful with this setting, as it is easy to make a mistake and discover it too late. In most cases it makes sense not to trust any interfaces.

[Screenshot: CentOS 6 Firewall Configuration Trusted Services]

If you have multiple interfaces, you can add forwarding rules by choosing the “Add” option.

[Screenshot: CentOS 6 Firewall Configuration Port Forwarding]

There is now also an ICMP filter, so you can decide, for example, whether other machines can ping your server. Ping and traceroute are often blocked because they give away information to an attacker.

[Screenshot: CentOS 6 Firewall Configuration Port Forwarding]

Finish up the firewall configuration with any custom rules you would like to add.

[Screenshot: CentOS 6 Firewall Configuration ICMP Filter]

Save, and the CentOS firewall should now be active.
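
To check what was actually saved, the following added example (not part of the original article) audits a saved rules file for open ports, looks each one up in /etc/services as described above, and flags trusted interfaces. It assumes trusted interfaces appear as unconditional "-i <interface> -j ACCEPT" rules; the sample rules and the function names are constructed for illustration.

```shell
# Constructed sample in the style of the rules file that the iptables
# service loads on CentOS 6 (/etc/sysconfig/iptables); not from the article.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Print "port/proto" for each INPUT rule that accepts a destination port.
open_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
        proto = ""; port = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")      proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
        }
        if (port != "") print port "/" proto
    }'
}

# Print interfaces other than lo that are accepted with no other match.
trusted_ifaces() {
    awk '$1 == "-A" && $2 == "INPUT" && NF == 6 && $3 == "-i" &&
         $5 == "-j" && $6 == "ACCEPT" && $4 != "lo" { print $4 }'
}

# Map "port/proto" to its name in a services file, or "unlisted".
service_name() {
    name=$(awk -v pp="$1" '$2 == pp { print $1; exit }' "${2:-/etc/services}" 2>/dev/null) || true
    echo "${name:-unlisted}"
}

# Read a rules file on stdin and report open ports and trusted interfaces.
audit() {
    rules=$(cat)
    for pp in $(printf '%s\n' "$rules" | open_ports); do
        echo "open    $pp  $(service_name "$pp")"
    done
    for ifc in $(printf '%s\n' "$rules" | trusted_ifaces); do
        echo "TRUSTED $ifc  traffic on this interface is not filtered"
    done
}

printf '%s\n' "$SAMPLE_RULES" | audit
```

On a real server, run `audit < /etc/sysconfig/iptables` as root after saving in the TUI; any TRUSTED line deserves a second look before you rely on the firewall.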