3 Ways to Create a Custom Service in CentOS Firewall

Firewalld is a firewall management tool for Linux operating systems licensed under GNU General Public License 2.

Firewalld is the default firewall management tool in RHEL based Linux distros from version 7 onwards, where it replaces the legacy firewall management tool i.e. iptables. Firewalld is a dynamically managed firewall with support for network zones, IPv4, IPv6, ethernet bridges and IP sets.

In this article, we will explore the 3 ways to create a custom service in CentOS Firewall.

 

Table of Contents:

• System Specification
• 1) Create a Custom Firewalld Service using CLI
• 2) Create a Custom Firewalld Service from XML file
• 3) Create a Custom Firewalld Service from Definition File

System Specification:

Consider a scenario where we are running an Oracle Database 19c instance on CentOS 8 server.

Default Oracle Listener uses the service port 1521/tcp. We have also configured another Oracle Listener service that is using port 1522/tcp.

In short, we have two Oracle listeners running on ports 1521/tcp and 1522/tcp simultaneously.

Our objective is to create a custom firewalld service to control access from network to our Oracle Listener ports.

 

1) Create a Custom Firewalld Service using CLI:

In this method, we will create a custom firewalld service using firewall-cmd command.

Create a new service for Oracle Listener ports.

# firewall-cmd --permanent --new-service=oranet
success

Add long description of the service.

# firewall-cmd --permanent --service=oranet \
> --set-description="Oracle Listener Service"
success

Add short description of the service.

# firewall-cmd --permanent --service=oranet \
> --set-short=oranet
success

Add Oracle Listener service ports.

# firewall-cmd --permanent --service=oranet --add-port=1521/tcp
success

# firewall-cmd --permanent --service=oranet --add-port=1522/tcp
success

Reload firewalld configurations.

# firewall-cmd --reload
success

Display configurations of CentOS firewall.

# firewall-cmd --info-service=oranet
oranet
  ports: 1521/tcp 1522/tcp
  protocols:
  source-ports:
  modules:
  destination:

We can add more settings to our service in similar way. You can refer to Firewalld Documentation for more details.

 

2) Create a Custom Firewalld Service from XML file:

In this method, we will define the firewalld service settings in an XML file and then use firewall-cmd command to create a custom service in our CentOS firewall.

# vi ~/oranet.xml

and add following XML code therein.

<?xml version="1.0" encoding="utf-8"?>
<service>
 <short>oranet</short>
 <description>Oracle Listener Service</description>
 <port protocol="tcp" port="1521" />
 <port protocol="tcp" port="1522" />
</service>

Now use firewall-cmd command to create CentOS firewall service.

# firewall-cmd --permanent --new-service-from-file=oranet.xml
success

Reload firewalld configurations and check oranet service.

# firewall-cmd --reload
success

# firewall-cmd --info-service=oranet
oranet
  ports: 1521/tcp 1522/tcp
  protocols:
  source-ports:
  modules:
  destination:

 

3) Create a Custom Firewalld Service from Definition File:

This method is normally used by software packages during installation to create their respective firewalld services.

In this method, we create a custom service definition file in firewalld configuration directory.

# vi /etc/firewalld/services/oranet.xml

Add following XML code therein.

<?xml version="1.0" encoding="utf-8"?>
<service>
 <short>oranet</short>
 <description>Oracle Listener Service</description>
 <port protocol="tcp" port="1521" />
 <port protocol="tcp" port="1522" />
</service>

Reload firewalld configurations and check service oranet service.

# firewall-cmd --reload
success

# firewall-cmd --info-service=oranet
oranet
  ports: 1521/tcp 1522/tcp
  protocols:
  source-ports:
  modules:
  destination:

We have explored all 3 ways to create a custom service in CentOS firewall.