The best thing about CentOS 7 is, it has a super easy firewall built-in. I recommend you not to disable the firewall.
To check the active zones:
[root@rh7 ~]# firewall-cmd --get-active-zones public interfaces: enp1s0f0
To get available service names:
[root@rh7 ~]# firewall-cmd --get-services RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns ftp high-availability http https imaps ipp ipp-client ipsec kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba samba-client smtp ssh telnet tftp tftp-client transmission-client vnc-server wbem-https
If the service you want to enable listed with the command above, you don’t have to write explicit port number, to allow a service permanently:
[root@rh7 ~]# firewall-cmd --zone=public --add-service=https --permanent success
If the desired service is not available such as POP3 use the following command:
[root@rh7 ~]# firewall-cmd --zone=public --add-port=110/tcp --permanent success
When you finish adding/removing rules, apply them with the command:
[root@rh7 ~]# firewall-cmd --reload success
To check the services enabled on the zone public:
[root@rh7 ~]# firewall-cmd --zone=public --list-all public (default, active) interfaces: enp1s0f0 sources: services: dhcpv6-client http https imaps pop3s smtp ssh ports: 7071/tcp 110/tcp masquerade: no forward-ports: icmp-blocks: rich rules: