How to set firewall rules from a GUI in CentOS

CentOS-LogoSick and tired of countless command line statements to set your firewall rules? Me too. No matter what I try, I never get the results quite right. There’s always some switch I forget and ultimately something isn’t working.

For years I was thinking, “there has to be an easier way, like there is in Plesk”.

And today I found that there is: a rather un-obvious tool called system-config-firewall. It’s a godsend and works in CentOS 6 with iptables, and in CentOS 7 with firewalld.


To make use of it, install the following two packages:

yum install system-config-firewall system-config-firewall-tui

The first one is a version that runs under Gnome and KDE, and second one works on the command line.

The Command Line Version

You can invoke the command line version by running

sudo system-firewall-config-tui

and it will present you with the following interface. You may need to switch the firewall off temporarily, but the tool will tell you if that’s necessary:

Screen Shot 2015-02-10 at 22.33.26

Here’s how to use the interface:
– use the cursor keys to move up and down
– use the SPACE bar to select items
– use TAB to choose the next option
– and once selected, hit RETURN

Screen Shot 2015-02-10 at 22.33.52


system-config-firewall has several built-in presets, such as DNS, FTP, Mail, standard and secure http ports and many others. If you need to open a specific port, hit Add on the “other” screen and define both the port and the protocol. In this example I’m opening port 3306 for incoming MySQL traffic:

Screen Shot 2015-02-10 at 22.39.30

Step forward through all available options, or select Close to move back to the first screen. Make sure the Firewall Enabled option is ticked, then hit OK and all your rules will be saved.

The Desktop Version

If you have Gnome or KDE installed, you can invoke the Desktop Version from the command line like this:

sudo system-firewall-config

Screen Shot 2015-02-10 at 22.48.05

The options are much the same, perhaps a little easier on the eye and easier to select. In addition you have a Wizard which will let you start your firewall rules with a clean slate (great if you’ve been previously poking around on the command line, potentially messing things up).

Screen Shot 2015-02-10 at 22.48.53

Thousand thanks to all the developers who have developed this tool: Thomas Woerner, Chris Lumens, Florian Festi, Brent Fox and many others.

You can leave a comment on my original post.