Firewalld Centos 7 creating rule

Samul asked:

I created a custom zone inside my firewalld on my Centos 7. This custom zone has no rules yet. I want to do this: first add a rule that allows all the outbound traffic and drops all inbound traffic. After that I want to allow specific port/protocol inbound, adding exceptions to the firewalld. How do I do that? In my iptables I used this:

iptables -P INPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

How do I migrate these rules to the firewalld example below, where XXX will be something like “add-rule”, “add-rich-rule” or something you think is correct:

firewall-cmd --permanent --zone=custom_zone XXX

My answer:

firewalld already allows outbound traffic and blocks all inbound traffic. You only need to add the services or ports you want to open.

firewall-cmd --zone=custom_zone --add-service=https

View the full question and answer on Server Fault.
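As an added example (not part of the question or the answer), a small POSIX shell helper that rewrites the iptables INPUT rules from the question into the equivalent firewall-cmd calls for the zone name custom_zone; it only prints the commands, so the result can be reviewed before it is run on the host.

```shell
#!/bin/sh
# Hypothetical helper, not part of firewalld: read iptables rules on stdin
# and print firewall-cmd commands for the zone given as $1.
# "-P INPUT DROP" / "-P FORWARD DROP" produce no command, because firewalld
# already blocks inbound traffic that no rule allows (as the answer says).
iptables_to_firewalld() {
    zone="$1"
    while read -r line; do
        case "$line" in
            *"-A INPUT"*"-j ACCEPT"*)
                proto=""; port=""
                # split the rule into words and pick up -p and --dport
                set -- $line
                while [ $# -gt 0 ]; do
                    case "$1" in
                        -p) proto="$2"; shift ;;
                        --dport) port="$2"; shift ;;
                    esac
                    shift
                done
                if [ -n "$proto" ] && [ -n "$port" ]; then
                    printf 'firewall-cmd --permanent --zone=%s --add-port=%s/%s\n' \
                        "$zone" "$port" "$proto"
                fi
                ;;
            *"-P INPUT DROP"*|*"-P FORWARD DROP"*)
                # default-deny policy: nothing to add in firewalld
                ;;
        esac
    done
    # permanent rules only take effect after a reload
    printf 'firewall-cmd --reload\n'
}

# Constructed sample input: the rules quoted in the question.
sample_rules() {
    cat <<'EOF'
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
EOF
}

# Run the translation on the sample and return the generated commands.
migrate_sample() {
    sample_rules | iptables_to_firewalld custom_zone
}
```

Check the zone afterwards with `firewall-cmd --zone=custom_zone --list-all` to confirm only 80/tcp and 443/tcp are open.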

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.