Troubleshooting “firewall-cmd: command not found” Error in CentOS 7 Minimal Install


2 views

After a fresh CentOS 7 minimal installation on an OpenVZ VPS, you might encounter this unexpected situation when trying to configure firewall rules. The system reports that neither firewall-cmd nor firewall-offline-cmd commands are available, and the service appears completely missing from the system.

This typically occurs because:

  • The minimal CentOS 7 installation doesn't include firewalld by default
  • The OpenVZ virtualization platform might have specific networking requirements
  • The firewalld package might have been excluded during installation

First, confirm whether firewalld is actually installed:

rpm -q firewalld

If this returns package firewalld is not installed, we need to install it.

Use yum to install the missing components:

yum install firewalld firewall-config -y

After installation completes, verify the package:

rpm -ql firewalld | grep bin

This should show you the location of firewall-cmd binary (typically /usr/bin/firewall-cmd).

If you prefer using traditional iptables instead, you can:

systemctl stop firewalld
systemctl disable firewalld
yum install iptables-services -y
systemctl enable iptables
systemctl start iptables

If installation succeeds but commands still aren't working:

  1. Check your PATH variable: 
    echo $PATH
  2. Try running with full path: 
    /usr/bin/firewall-cmd --state
  3. Verify the package installation: 
    rpm -V firewalld

Once installed, you can use these common commands:

# Check firewalld status
firewall-cmd --state

# Add HTTP service permanently
firewall-cmd --permanent --add-service=http

# Reload firewall rules
firewall-cmd --reload

# List active rules
firewall-cmd --list-all

In OpenVZ environments, you might need to:

  • Ensure network device is properly initialized
  • Check with your VPS provider about firewall restrictions
  • Verify that the container template includes necessary components

After a fresh installation of CentOS 7, you might encounter the "firewall-cmd: command not found" error when trying to configure firewall rules. This typically indicates that firewalld, the default dynamic firewall manager in CentOS 7, isn't installed on your system.

First, verify if firewalld is installed and running:

# systemctl status firewalld

If you see "Unit firewalld.service could not be found", it means the package isn't installed.

To install firewalld, run:

# yum install firewalld -y

After installation, start and enable the service:

# systemctl start firewalld
# systemctl enable firewalld

Once installed, you can manage ports and services:

# firewall-cmd --permanent --add-port=80/tcp
# firewall-cmd --reload

Verify the changes:

# firewall-cmd --list-ports
# firewall-cmd --list-services

If you prefer to use iptables instead (not recommended for CentOS 7):

# yum install iptables-services
# systemctl mask firewalld
# systemctl enable iptables
# systemctl start iptables
  • Check SELinux status: getenforce
  • Verify package installation: rpm -qa | grep firewalld
  • Examine logs: journalctl -xe

Here's a quick reference for essential commands:

# firewall-cmd --state
# firewall-cmd --get-default-zone
# firewall-cmd --get-active-zones
# firewall-cmd --zone=public --list-all