How to configure firewall and SELinux in CentOS 8

 < Add user accounts | Configure the network >

Firewall
The firewall is a security system which monitors and controls all incoming and outgoing network traffic, based on the set security rules. CentOS, RHL, and Fedora all come with a firewall, which is provided by the  service. This is automatically enabled in CentOS 8. You can check its status by running this command:

You can view its settings by issuing:

Its possible to disable this firewall. You can do this safely if this server is on your local network and not connected to the internet. It is VERY unrecommended to disable the firewall if it is connected to the internet.

To disable it, you can run these commands:

To re-enable the firewall, run these commands:

SELinux
SELinux ("Security Enhanced Linux") gives additional security to the system by determining which process can access what files, directories, ports, etc. SELinux has two possible states, "enabled" and "disabled". If SELinux is disabled, then only Discretionary Access Control (DAC) rules are used. If its enabled, SELinux can run in two modes: "Enforcing" or "Permissive".

Enforcing mode means that SELinux policies are enforced, and SELinux will deny access based on policy rules, and only enables interactions that are allowed. This is the default mode.

Permissive mode means SELinux policies are not enforced, and SELinux does not deny access but denials are still logged for things that would have been denied in enforcing mode. Permissive mode is the default during installation.

You can check the status of SELinux like this:

Again, its very unrecommended to disable SELinux if you're connected to the internet (although it may be necessary in some cases), but if you're running on a Local Network or need to disable it for another reason, you can do it temporarily like this:

If you need to permanently set the SELinux status, here is how to do that:

 < Add user accounts | Configure the network >