In today’s digital age, securing network infrastructure against unauthorized access and attacks is paramount. A key component in ensuring this security is the firewall. This article focuses on configuring and managing a firewall for an IPv6 network on the CentOS 7 operating system.

Prerequisites

Before starting, ensure you have access to a root account or an account with sudo privileges on your CentOS 7 server. You should also have a basic understanding of IPv6 addresses and networking.

Step 1: Basics of Firewall on CentOS 7

CentOS 7 uses firewalld as its default firewall management system, replacing the older iptables service. Firewalld provides dynamic firewall management with support for network/zone segregation, so firewall rules can be defined and changed without restarting the service.

Step 2: Installing and Enabling Firewalld

  1. First, install firewalld if it’s not already installed, using the command:
    sudo yum install firewalld
  2. Then enable and start firewalld using the system’s service manager systemctl:
    sudo systemctl start firewalld
    sudo systemctl enable firewalld

Step 3: Managing Zones

Firewalld uses the concept of zones to define the trust level for network interfaces and the rules applied to them.

  • Display available zones with:
    sudo firewall-cmd --get-zones
  • Find out which zone is currently assigned to your network interface:
    sudo firewall-cmd --get-active-zones
  • Assign a network interface to a zone (e.g., public):
    sudo firewall-cmd --zone=public --change-interface=enp0s3

Replace enp0s3 with the actual name of your interface.

Step 4: Configuring IPv6 Rules

  1. IPv6-specific rules are written as rich rules. Add --permanent to store the rule in the persistent configuration, select the zone with --zone, and set family="ipv6" inside the rule so that it matches only IPv6 traffic. For example, to allow incoming SSH (port 22) over IPv6:
    sudo firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv6" service name="ssh" accept'
  2. After making any changes to the configuration, reload firewalld to apply the changes:
    sudo firewall-cmd --reload

Step 5: Review and Debugging

  • To view the current rules for a chosen zone, use:
    sudo firewall-cmd --zone=public --list-all
  • If you need to remove a rule, use the matching --remove option in place of --add in your command (for example, --remove-rich-rule instead of --add-rich-rule).
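
A review check worth adding to Step 5, as an added example that is not part of the original article: a zone's "services:" line opens a service for both IPv4 and IPv6, so a rich rule accepting a service already listed there does not change exposure. The script below reads --list-all output and flags that case; the function names are hypothetical, the sample output is constructed, and the output layout is assumed to be the one firewalld prints on CentOS 7.

```shell
#!/bin/bash
# Added example: audit `firewall-cmd --zone=<zone> --list-all` output.
# On a host: sudo firewall-cmd --zone=public --list-all | audit_rich_rules

# Constructed sample output (not captured from a real host).
sample_list_all() {
cat <<'EOF'
public (active)
  target: default
  interfaces: enp0s3
  services: dhcpv6-client ssh
  ports:
  rich rules:
    rule family="ipv6" service name="ssh" accept
    rule family="ipv6" service name="https" accept
EOF
}

# Reads --list-all text on stdin; prints one line per accepting rich rule:
#   "<family> <service> redundant" -> the zone already allows the service
#                                     for every address family
#   "<family> <service> effective" -> the rich rule is what opens it
audit_rich_rules() {
  awk '
    # Remember every service named on the zone-wide "services:" line.
    /^[ \t]*services:/ {
      for (i = 2; i <= NF; i++) zone_svc[$i] = 1
      next
    }
    # Rich rules that accept a named service.
    /^[ \t]*rule / && /service name="/ && / accept/ {
      fam = "any"                       # no family= means both families
      if (match($0, /family="[^"]+"/))
        fam = substr($0, RSTART + 8, RLENGTH - 9)
      match($0, /service name="[^"]+"/)
      svc = substr($0, RSTART + 14, RLENGTH - 15)
      print fam, svc, ((svc in zone_svc) ? "redundant" : "effective")
    }
  '
}

# Stand-alone run against the constructed sample.
sample_list_all | audit_rich_rules
```

If a service is reported as redundant and the intent was to limit it to IPv6, it also has to be removed from the zone's plain services list (--remove-service) before the rich rule has any narrowing effect.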

Firewall management is crucial for ensuring network security. Firewalld on CentOS 7 offers a flexible and user-friendly interface for firewall management, including support for IPv6. It’s important to regularly review and update your firewall rules to ensure your network remains protected against threats.