Configure HTTP access using firewalld

As you might have guessed from its name, firewalld is part of the systemd family. Firewalld can be installed on Debian/Ubuntu machines, but it's there by default on Red Hat and CentOS. If you've got a web server like Apache running on your machine, you can confirm that the firewall is working by browsing to your server's web root. If the site is unreachable, then firewalld is doing its job.

You'll use the firewall-cmd tool to manage firewalld settings from the command line. Adding the state argument returns the current firewall status:

# firewall-cmd --state
running

By default, firewalld will be active and will reject all incoming traffic with a couple of exceptions, like SSH. That means your website won't be getting too many visitors, which will certainly save you a lot of data transfer costs. As that's probably not what you had in mind for your web server, though, you'll want to open the HTTP and HTTPS ports that by convention are designated as 80 and 443, respectively. firewalld offers two ways to do that. One is through the add-port argument that references the port number directly along with the network protocol it'll use (TCP in this case). The permanent argument tells firewalld to load this rule each time the server boots:

# firewall-cmd --permanent --add-port=80/tcp
# firewall-cmd --permanent --add-port=443/tcp

Running firewall-cmd with the --reload argument will apply those rules to the current session.

Curious as to the current settings on your firewall? Run list-services:

# firewall-cmd --list-services
dhcpv6-client http https ssh

Assuming you've added browser access as described earlier, the HTTP, HTTPS, and SSH ports should now all be open—along with dhcpv6-client, which allows Linux to request an IPv6 IP address from a local DHCP server.
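An added example, not part of the original article: a check for whether HTTP/HTTPS are open in the running firewall and whether rules saved with --permanent are still waiting for a reload. Ports opened with --add-port are reported by --list-ports rather than --list-services, so the check reads both. The function names and sample strings are constructed for illustration; it assumes the default zone and single ports (no ranges).

```shell
#!/bin/sh
# how_open NAME PORT SERVICES PORTS -> prints "service", "port" or "closed"
how_open() {
    case " $3 " in *" $1 "*) echo service; return ;; esac
    case " $4 " in *" $2/tcp "*) echo port; return ;; esac
    echo closed
}

# web_access SERVICES PORTS -> e.g. "http=port https=closed"
web_access() {
    echo "http=$(how_open http 80 "$1" "$2") https=$(how_open https 443 "$1" "$2")"
}

# pending_reload PERMANENT RUNTIME -> entries saved with --permanent that the
# running firewall does not have yet (that is, --reload has not been run)
pending_reload() {
    missing=""
    for entry in $1; do
        case " $2 " in
            *" $entry "*) ;;
            *) missing="$missing $entry" ;;
        esac
    done
    echo "${missing# }"
}

# Constructed sample output: the state right after the two --add-port
# commands, before any reload.
perm_services="dhcpv6-client ssh"
perm_ports="80/tcp 443/tcp"
run_services="dhcpv6-client ssh"
run_ports=""

echo "runtime:   $(web_access "$run_services" "$run_ports")"
echo "permanent: $(web_access "$perm_services" "$perm_ports")"
echo "pending:   $(pending_reload "$perm_ports" "$run_ports")"

# On a live host (as root), feed in the real firewall-cmd output instead.
if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    web_access "$(firewall-cmd --list-services)" "$(firewall-cmd --list-ports)"
    pending_reload "$(firewall-cmd --permanent --list-ports)" "$(firewall-cmd --list-ports)"
fi
```

A non-empty "pending" line means the permanent configuration and the running firewall disagree, which is the state a reload resolves.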