HAA - Firewall Configuration with CentOS/RHEL

Hi Tim,
Can you please provide more details on what to look for in the firewall settings? I installed fresh CentOS 7 so not sure if there are firewall rules in there.
Thanks,
Roy

Hi @RoyRubio,

I don’t personally use CentOS day to day, it has been a while… though I do use RHEL. If I recall correctly CentOS 7 moved to using Firewalld as the default firewall service replacing IPTables.

The first thing to do is verify which Firewall service is in use, and configure it accordingly according to the HAA documentation.

Here is some RHEL documentation that you may find helpful. (One or more of these may be in their walled garden and would need a support account to access, but pretty easy to do a quick Internet search for ‘firewalld’ and ‘iptables’ configuration in conjunction with CentOS)

Specific Details on HAA can be found in the following references along with the TCP Ports that need to be open in your Firewall.


The following is a sequence I implemented in my sandbox environment to disable IPTables and enable Firewalld while allowing specific ports through the default ‘public’ zone. I recommend that you review the documentation for any changes, and, if unfamiliar, research firewall usage to understand what changes are being made. (E.g. You may not want to use the ‘public’ zone designation, or open all the same ports depending on your architecture/network design.)

Disable IPTables

  1. Stop and Disable IPTables

    systemctl stop iptables.service
    systemctl disable iptables.service
    

Enable and Configure Firewalld

  1. Enable and Start Firewalld

    systemctl enable firewalld.service
    systemctl start firewalld.service
    
  2. Set Internal as default zone

    firewall-cmd --set-default-zone=public
    
  3. Add Ports to Firewall Rules

    firewall-cmd --zone=public --permanent \
      --add-port=3333-3339/tcp \
      --add-port=36379-36380/tcp \
      --add-port=8001/tcp \
      --add-port=8443/tcp \
      --add-port=8444/tcp \
      --add-port=9080/tcp \
      --add-port=9081/tcp \
      --add-port=8070-8071/tcp \
      --add-port=9443/tcp \
      --add-port=10000-19999/tcp \
      --add-port=20000-29999/tcp \
      --add-port=53/tcp \
      --add-port=5353/tcp
    
  4. Reload Firewalld Configuration

    firewall-cmd --reload
    
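As an added example (not part of the original post or the HAA documentation), a small shell helper that compares the ports a firewalld zone actually exposes against the HAA list from the sequence above, reporting both ports still missing and ports open that the list does not call for. The port list is copied from the post; `check_zone` assumes `firewall-cmd` is on PATH, and the sample input in the comments is constructed.

```bash
#!/usr/bin/env bash
# Ports opened in the firewall-cmd sequence above (copied from the post).
HAA_PORTS="3333-3339/tcp 36379-36380/tcp 8001/tcp 8443/tcp 8444/tcp 9080/tcp 9081/tcp 8070-8071/tcp 9443/tcp 10000-19999/tcp 20000-29999/tcp 53/tcp 5353/tcp"

# missing_ports LISTED
#   $1 is the space-separated list printed by `firewall-cmd --zone=Z --list-ports`.
#   Prints each required HAA port spec that is absent, one per line.
missing_ports() {
  listed=" $1 "
  for p in $HAA_PORTS; do
    case "$listed" in
      *" $p "*) ;;                 # present, nothing to report
      *) printf '%s\n' "$p" ;;     # required but not open
    esac
  done
}

# extra_ports LISTED
#   Prints port specs open in the zone that the HAA list does not include,
#   so unintended exposure is visible next to the expected ports.
extra_ports() {
  required=" $HAA_PORTS "
  for p in $1; do
    case "$required" in
      *" $p "*) ;;
      *) printf '%s\n' "$p" ;;
    esac
  done
}

# check_zone [ZONE]
#   On a real host: read the runtime port list for ZONE (default: public)
#   and report differences. Runtime only matches --permanent rules after
#   `firewall-cmd --reload`, so run this after the reload step.
#   Returns 0 when the zone matches the list exactly, 1 on a mismatch,
#   2 when firewall-cmd itself fails (e.g. firewalld not running).
check_zone() {
  zone=${1:-public}
  listed=$(firewall-cmd --zone="$zone" --list-ports) || return 2
  m=$(missing_ports "$listed"); x=$(extra_ports "$listed")
  [ -n "$m" ] && printf 'missing in %s:\n%s\n' "$zone" "$m"
  [ -n "$x" ] && printf 'unexpected in %s:\n%s\n' "$zone" "$x"
  [ -z "$m" ] && [ -z "$x" ]
}
```

Constructed sample: with `--list-ports` returning `3333-3339/tcp 8001/tcp 22/tcp`, `missing_ports` lists the eleven HAA specs not yet open and `extra_ports` prints `22/tcp`.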

Thanks for the information, Tim. These will definitely help.

No worries. Let me know if you have any specific questions or challenges that you run into.
