yum
upgrades for production use, this is the repository for you.
Active subscription is required.
CentOS 7 comes with FirewallD as the default firewall software. Iptables is still an option, but there is no reason not to make use of the default.
FirewallD has its own set of service definition files, which allow for easier administration.
For instance, after you have installed Apache or Nginx, you need to open up port 80, which is the standard port for the HTTP protocol. A single command will suffice for enabling access to your websites:
firewall-cmd --permanent --zone=public --add-service=http
That’s just how easy it is to allow access to Apache or Nginx in FirewallD. If you haven’t enabled the firewall itself, please refer to our setup guide for CentOS 7.
FirewallD FTP rule file
While there is a definition file for the FTP service in FirewallD, on some VPSes the equivalent command will not work for allowing FTP access. Why? The FTP service definition file uses the “nf_conntrack_ftp” kernel module. But if the module is compiled into the kernel (rather than built as a separate loadable module) on a VPS, FirewallD seems to have trouble using it.
So instead of:
firewall-cmd --permanent --zone=public --add-service=ftp
Use, as a workaround:
firewall-cmd --permanent --add-port=21/tcp
And finally, apply firewall changes:
firewall-cmd --reload
Note that with this approach you will likely lose passive-mode FTP connections, because only the control port 21 is opened and the passive data ports stay closed without the connection-tracking helper. The result is active-mode FTP connections, which provide slightly slower FTP access. So check first whether the standard approach works for you, and then, if it doesn’t, proceed with the workaround command.
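As an added example (not part of the original article), this script reports whether nf_conntrack_ftp is built into the running kernel or available as a loadable module, and prints which of the two rules above to try first. The function names are hypothetical, and treating a missing helper like a built-in one is an assumption.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# File formats are those of kmod's modules.builtin and modules.dep.

# conntrack_ftp_state BUILTIN_FILE DEP_FILE -> prints builtin | module | missing
conntrack_ftp_state() {
    builtin_file=$1
    dep_file=$2
    # modules.builtin: one path per line, e.g. kernel/net/netfilter/nf_conntrack_ftp.ko
    if [ -r "$builtin_file" ] &&
       grep -Eq '(^|/)nf_conntrack_ftp\.ko$' "$builtin_file"; then
        echo builtin
    # modules.dep: "path/module.ko[.xz]: deps..."; match the key before the
    # colon only, so a module that merely depends on the helper is ignored
    elif [ -r "$dep_file" ] &&
         grep -Eq '(^|/)nf_conntrack_ftp\.ko(\.[a-z0-9]+)?:' "$dep_file"; then
        echo module
    else
        echo missing
    fi
}

# ftp_rule_for_state STATE -> prints the rule from the article to try first
ftp_rule_for_state() {
    case $1 in
        module)
            echo 'firewall-cmd --permanent --zone=public --add-service=ftp' ;;
        builtin|missing)
            # Assumption: with no loadable helper the service rule is assumed
            # not to work, so a missing module is treated like a built-in one.
            echo 'firewall-cmd --permanent --add-port=21/tcp' ;;
        *)
            echo "unknown state: $1" >&2
            return 1 ;;
    esac
}

# Dry run against the live kernel: prints commands, changes nothing.
if [ "${1:-}" = "--check" ]; then
    kdir=/lib/modules/$(uname -r)
    state=$(conntrack_ftp_state "$kdir/modules.builtin" "$kdir/modules.dep")
    echo "nf_conntrack_ftp: $state"
    ftp_rule_for_state "$state"
    echo 'firewall-cmd --reload'
fi
```

Run it with `--check` on the server; it only prints the commands, so the rule it suggests still has to be applied and tested with an FTP client.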
Found this fix useful? Let us know in comments.