Sick and tired of countless command line statements to set your firewall rules? Me too. No matter what I try, I never get the results quite right. There’s always some switch I forget and ultimately something isn’t working.
For years I was thinking, “there has to be an easier way, like there is in Plesk”?
And today I found that there is: a rather un-obvious tool called system-config-firewall. It’s a godsend and works in CentOS 6 with iptables, and in CentOS 7 with firewalld.
To make use of it, install the following two packages:
yum install system-config-firewall system-config-firewall-tui
The first one is a version that runs under Gnome and KDE, and second one works on the command line.
The Command Line Version
You can invoke the command line version by running
and it will present you with the following interface. You may need to switch the firewall off temporarily, but the tool will tell you if that’s necessary:
Here’s how to use the interface:
- use the cursor keys to move up and down
- use the SPACE bar to select items
- use TAB to choose the next option
- and once selected, hit RETURN
system-config-firewall has several built-in presets, such as DNS, FTP, Mail, standard and secure http ports and many others. If you need to open a specific port, hit Add on the “other” screen and define both the port and the protocol. In this example I’m opening port 3306 for incoming MySQL traffic:
Step forward through all available options, or select Close to move back to the first screen. Make sure the Firewall Enabled option is ticked, then hit OK and all your rules will be saved.
The Desktop Version
If you have Gnome or KDE installed, you can invoke the Desktop Version from the command line like this:
In addition, there should also be a handy menu item under System – Administration – Firewall which will start the same thing.
The options are much the same, perhaps a little easier on the eye and easier to select. In addition you have a Wizard which will let you start your firewall rules with a clean slate (great if you’ve been previously poking around on the command line, potentially messing things up).
Thousand thanks to all the developers who have written this tool: Thomas Woerner, Chris Lumens, Florian Festi, Brent Fox and many others.