How to set firewall rules from a GUI in CentOS

CentOS-LogoSick and tired of countless command line statements to set your firewall rules? Me too. No matter what I try, I never get the results quite right. There’s always some switch I forget and ultimately something isn’t working.

For years I was thinking, “there has to be an easier way, like there is in Plesk”?

And today I found that there is: a rather un-obvious tool called system-config-firewall. It’s a godsend and works in CentOS 6 with iptables, and in CentOS 7 with firewalld.


To make use of it, install the following two packages:

The first one is a version that runs under Gnome and KDE, and second one works on the command line.

The Command Line Version

You can invoke the command line version by running

and it will present you with the following interface. You may need to switch the firewall off temporarily, but the tool will tell you if that’s necessary:

Screen Shot 2015-02-10 at 22.33.26

Here’s how to use the interface:

  • use the cursor keys to move up and down
  • use the SPACE bar to select items
  • use TAB to choose the next option
  • and once selected, hit RETURN

Screen Shot 2015-02-10 at 22.33.52


system-config-firewall has several built-in presets, such as DNS, FTP, Mail, standard and secure http ports and many others. If you need to open a specific port, hit Add on the “other” screen and define both the port and the protocol. In this example I’m opening port 3306 for incoming MySQL traffic:

Screen Shot 2015-02-10 at 22.39.30

Step forward through all available options, or select Close to move back to the first screen. Make sure the Firewall Enabled option is ticked, then hit OK and all your rules will be saved.

The Desktop Version

If you have Gnome or KDE installed, you can invoke the Desktop Version from the command line like this:

In addition, there should also be a handy menu item under System – Administration – Firewall which will start the same thing.

Screen Shot 2015-02-10 at 22.48.05

The options are much the same, perhaps a little easier on the eye and easier to select. In addition you have a Wizard which will let you start your firewall rules with a clean slate (great if you’ve been previously poking around on the command line, potentially messing things up).

Screen Shot 2015-02-10 at 22.48.53

Thousand thanks to all the developers who have written this tool: Thomas Woerner, Chris Lumens, Florian Festi, Brent Fox and many others.

About Jay Versluis

Jay is a medical miracle known as a Super Survivor. He runs two YouTube channels, five websites and several podcast feeds. To see what else he's up to, and to support him on his mission to make the world a better place, check out his Patreon Campaign.

8 thoughts on “How to set firewall rules from a GUI in CentOS

  1. After a seemingly successful install on centOS7
    Just get bash: system-firewall-config-tui:: command not found

    Anything else I should know?

    1. Hi Lem,

      d’oh, that was a stupid typo I snuck in there… the CORRECT command is actually system-config-firewall-tui (see what I did there…?) I’ll update the article now. Thanks for bringing this to my attention!

      Happy Firewalling!

Add your voice!