3 ways to Create a Linux Firewall Service


Discover three effective methods to create a Linux firewall service with this detailed guide, and learn how to configure firewall rules using firewalld to secure your Linux server.

What is Firewalld?

Firewalld is a firewall management tool for Linux operating systems, licensed under the GNU General Public License version 2.

Firewalld is the default firewall management tool in RHEL-based Linux distributions from version 7 onwards, where it replaces the legacy firewall management tool, iptables. Firewalld is a dynamically managed firewall with support for network zones, IPv4, IPv6, Ethernet bridges and IP sets.

Firewalld is a dynamic firewall management tool for Linux systems that provides a flexible and user-friendly way to configure firewall rules and manage network traffic. It is designed to be more intuitive and versatile than older firewall management tools like iptables.


Here’s a detailed overview of Firewalld, including its features, components, and how to use it:

Key Features of Firewalld

  1. Dynamic Firewall Management:
    • Real-Time Changes: Firewalld allows you to apply changes to firewall rules without restarting the firewall service. This means you can modify rules on-the-fly, which is useful for maintaining active services without downtime.
  2. Zone-Based Configuration:
    • Predefined Zones: Firewalld uses zones to apply different sets of rules based on network connections. Each zone defines a security level and specifies which services and ports are allowed or denied.
    • Common Zones: Includes predefined zones like public, private, internal, and dmz for different security requirements.
  3. Rich Language for Rules:
    • Simplified Syntax: Firewalld provides a user-friendly interface for defining rules. You can specify services, ports, and IP addresses in a straightforward manner.
  4. Service Management:
    • Service Definitions: Firewalld supports service management, allowing you to enable or disable predefined services (like HTTP, SSH) with simple commands.
  5. Firewall Backends:
    • Backend Options: Firewalld supports multiple backend firewall technologies, including iptables, ip6tables, and nftables, allowing you to choose the best backend for your needs.
  6. Support for IPv4, IPv6, and Network Zones:
    • Comprehensive Support: Manages rules for both IPv4 and IPv6 traffic, and organizes network traffic based on different zones.
  7. Logging and Monitoring:
    • Traffic Logging: Firewalld can log traffic that matches specific rules, helping you monitor and analyze network activity.


Components of Firewalld

Zones:

  • Definition: Zones represent different levels of trust for network connections.
  • Examples:
    • Public: For public networks where you don’t trust other computers.
    • Home: For home networks where you trust the other devices.
    • Work: For work networks where you trust the other devices but require higher security.
    • Internal: For internal networks with moderate trust.
    • Trusted: All traffic is allowed.

Services:

  • Definition: Predefined configurations for common network services.
  • Examples:
    • http: Web server
    • ssh: Remote server access

Rich Rules:

  • Definition: Advanced rules for complex configurations.
  • Examples: Allowing traffic from a specific IP address or network.

Direct Rules:

  • Definition: Low-level rules that interact directly with the backend firewall technologies.
  • Examples: Custom iptables rules for advanced configurations.

Use Cases for Firewalld

  1. Network Security:
    • Protect Services: Secure services and applications from unauthorized access.
    • Traffic Control: Manage inbound and outbound traffic to protect your system.
  2. System Administration:
    • Configuration Management: Apply firewall rules and manage network traffic.
    • Service Management: Enable or disable services based on network security requirements.
  3. Multi-Zone Environments:
    • Segregation: Use different zones for various network interfaces and security levels.

Linux Server Specification

Consider a scenario where we are running an Oracle Database 19c instance on a CentOS 8 server.

The default Oracle Listener uses service port 1521/tcp. We have also configured a second Oracle Listener that uses port 1522/tcp.

In short, we have two Oracle listeners running on ports 1521/tcp and 1522/tcp simultaneously.

Our objective is to create a custom Linux firewall service to control access to our Oracle Listener ports.

1. Create a Linux Firewall Service using CLI

In this method, we will create a Linux firewall service using the firewall-cmd command.

Create a new service for Oracle Listener ports.

firewall-cmd --permanent --new-service=oranet

Add a long description of the service.

firewall-cmd --permanent --service=oranet \
--set-description="Oracle Listener Service"

Add a short description of the service.

firewall-cmd --permanent --service=oranet \
--set-short=oranet

Add the Oracle Listener service ports.

firewall-cmd --permanent --service=oranet --add-port=1521/tcp
firewall-cmd --permanent --service=oranet --add-port=1522/tcp

Reload the firewalld configuration so the permanent change takes effect.

firewall-cmd --reload

Display the definition of the new service.

firewall-cmd --info-service=oranet

Output:

oranet
ports: 1521/tcp 1522/tcp
protocols:
source-ports:
modules:
destination:

We can add more settings to our service in a similar way. Refer to the Firewalld documentation for more details.

2. Create a Linux Firewall Service from XML file

In this method, we will define the firewalld service settings in an XML file and then use the firewall-cmd command to create a custom service in our Linux firewall.

vi ~/oranet.xml

and add the following XML code to it.

<?xml version="1.0" encoding="utf-8"?>
<service>
 <short>oranet</short>
 <description>Oracle Listener Service</description>
 <port protocol="tcp" port="1521" />
 <port protocol="tcp" port="1522" />
</service>

Now use the firewall-cmd command to create the Linux firewall service from that file.

firewall-cmd --permanent --new-service-from-file=oranet.xml

Reload the firewalld configuration and check the oranet service.

firewall-cmd --reload
firewall-cmd --info-service=oranet

Output:

oranet
ports: 1521/tcp 1522/tcp
protocols:
source-ports:
modules:
destination:

3. Create a Linux Firewall Service from Definition File

This method is normally used by software packages during installation to create their respective firewalld services.

In this method, we create a custom service definition file directly in the firewalld configuration directory.

vi /etc/firewalld/services/oranet.xml

Add the following XML code to it.

<?xml version="1.0" encoding="utf-8"?>
<service>
 <short>oranet</short>
 <description>Oracle Listener Service</description>
 <port protocol="tcp" port="1521" />
 <port protocol="tcp" port="1522" />
</service>

Reload the firewalld configuration and check the oranet service.

firewall-cmd --reload
firewall-cmd --info-service=oranet

Output:

oranet
ports: 1521/tcp 1522/tcp
protocols:
source-ports:
modules:
destination:

We have explored all three ways to create a custom service in the CentOS firewall.
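As an added example (not code from the original post), the following POSIX shell script generates the method 3 definition file from a list of port/protocol specs, validates each spec before writing anything and, because a service definition by itself opens no port, binds the service to a zone, optionally limited to one source network with a rich rule. The SERVICES_DIR and FIREWALL_CMD variables, the function names and the 10.0.10.0/24 network used in the usage note are assumptions, not firewalld names.

```shell
#!/bin/sh
# Build, validate and install a firewalld service definition in the method 3
# layout above, then bind it to a zone. SERVICES_DIR, FIREWALL_CMD and the
# function names are this example's own choices, not firewalld's.
set -eu
SERVICES_DIR="${SERVICES_DIR:-/etc/firewalld/services}"
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"   # set to "echo" for a dry run

# valid_port_spec PORT/PROTO: accept 1-65535 with tcp, udp, sctp or dccp only
valid_port_spec() {
    port="${1%/*}"; proto="${1##*/}"
    case "$proto" in tcp|udp|sctp|dccp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# service_xml NAME DESCRIPTION PORT/PROTO...: print the service XML on stdout
service_xml() {
    name="$1"
    desc=$(printf '%s' "$2" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g')  # XML-escape
    shift 2
    printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
    printf '  <short>%s</short>\n  <description>%s</description>\n' "$name" "$desc"
    for spec in "$@"; do
        valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
        printf '  <port protocol="%s" port="%s" />\n' "${spec##*/}" "${spec%/*}"
    done
    printf '</service>\n'
}
# install_service NAME DESCRIPTION PORT/PROTO...: write SERVICES_DIR/NAME.xml
install_service() {
    xml=$(service_xml "$@") || return 1      # bad spec: write nothing at all
    mkdir -p "$SERVICES_DIR"
    printf '%s\n' "$xml" > "$SERVICES_DIR/$1.xml"
    chmod 0644 "$SERVICES_DIR/$1.xml"
}
# activate_service NAME ZONE [SOURCE_CIDR]: the file alone opens nothing; the
# service takes effect only once a zone references it. With SOURCE_CIDR a rich
# rule admits only that network instead of every host the zone covers.
activate_service() {
    "$FIREWALL_CMD" --reload                  # make firewalld read the new file
    if [ $# -ge 3 ]; then
        rule="rule family=\"ipv4\" source address=\"$3\" service name=\"$1\" accept"
        "$FIREWALL_CMD" --permanent --zone="$2" --add-rich-rule="$rule"
    else
        "$FIREWALL_CMD" --permanent --zone="$2" --add-service="$1"
    fi
    "$FIREWALL_CMD" --reload                  # apply the permanent change
}
```

Typical use as root: `install_service oranet "Oracle Listener Service" 1521/tcp 1522/tcp` followed by `activate_service oranet public 10.0.10.0/24`, so only the assumed application subnet reaches the listeners; `firewall-cmd --zone=public --list-all` then shows the resulting rich rule.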

Frequently Asked Questions (FAQs)

What is a Linux firewall service?
A Linux firewall service manages network traffic by allowing or blocking connections based on predefined rules, enhancing system security.

Why would I need a custom firewall service?
A custom firewall service lets you automate and enforce security rules consistently, ensuring protection without manual configuration each time the system starts.

What are common tools to create a Linux firewall service?
Common tools include iptables, nftables, and firewalld, each offering different levels of control and simplicity.

Do I need root access to set up a firewall service?
Yes, configuring a firewall requires root (or sudo) privileges since it involves modifying system-wide network security rules.

How do I ensure my firewall service starts automatically?
Most methods involve enabling the service via systemd or another init system so it loads at boot. Check your Linux distribution’s documentation for specifics.

Final Thoughts

Creating a Linux firewall service can be achieved through various methods, each offering different levels of control and flexibility. Whether you choose to use firewalld for dynamic zone-based management, iptables for granular rule configuration, or develop a custom systemd firewall script, each approach helps secure your system by controlling inbound and outbound traffic.

Understanding the strengths of each method allows you to choose the most appropriate solution for your environment. Regularly reviewing and updating firewall rules is crucial to maintaining system security over time.


6 responses to “3 ways to Create a Linux Firewall Service”

  1. Unknown

    Which default service includes port 1521 and 1522?

  2. Ahmer M

    Q: What is the default service that includes port 1521 and 1522?
    A: No, there is no default service defined for 1521 and 1522 (Oracle Listener Ports).
