Open and Close Ports with FirewallD on Rocky Linux 8

In this guide, we want to teach you How To Open And Close Ports with FirewallD on Rocky Linux 8.

FirewallD is a tool that acts as a firewall in Linux operating systems. It helps in protecting the system from unusual traffic and also securing different protocols, by disabling their default.

Steps To Open and Close Ports with FirewallD on Rocky Linux 8

To complete this guide, you must log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide the Initial Server Setup with Rocky Linux 8.

Check FirewallD Status on Rocky Linux 8

The first step is to check whether you have FirewallD service active on your server or not.

To do this, run the command below:

sudo systemctl status firewalld

In my case, I get the following output:

● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor p>
   Active: active (running) since Wed 2022-09-14 04:03:47 EDT; 1h 27min ago
     Docs: man:firewalld(1)
 Main PID: 89329 (firewalld)
    Tasks: 2 (limit: 11413)
   Memory: 28.0M
   CGroup: /system.slice/firewalld.service
           └─89329 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork>

If it is not running, use the following commands to start and enable your firewallD:

# sudo systemctl start firewalld
# sudo systemctl enable firewalld

If your service is not available, you can install FirewallD with the following command:

# sudo dnf update
# sudo dnf install firewalld

List Open Ports and Services With FirewallD

At this point, you need to confirm that any particular port is not already active in firewalld and has not been allowed to access through public connections on Rocky Linux 8. To do this, run the following command:

sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  services: cockpit dhcpv6-client ssh
  forward: no
  masquerade: no
  rich rules:

Also, FirewallD comes with some pre-configured services, for them and their ports the firewall allows public communication by default. And SSH, Plex, Cockpit, etc are a few of them. You can check the list of all such services by using the command below:

sudo firewall-cmd --get-services
RH-Satellite-6 RH-Satellite-6-capsule amanda-client amanda-k5-client amqp amqps apcupsd audit bacula bacula-client bb bgp bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc bittorrent-lsd ceph ceph-mon cfengine cockpit collectd condor-collector ctdb dhcp dhcpv6 dhcpv6-client distcc dns dns-over-tls docker-registry docker-swarm dropbox-lansync elasticsearch etcd-client etcd-server finger foreman foreman-proxy freeipa-4 freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp galera ganglia-client ganglia-master git grafana gre high-availability http https imap imaps ipp ipp-client ipsec irc ircs iscsi-target isns jenkins kadmin kdeconnect kerberos kibana klogin kpasswd kprop kshell kube-apiserver ldap ldaps libvirt libvirt-tls lightning-network llmnr managesieve matrix mdns memcache minidlna mongodb mosh mountd mqtt mqtt-tls ms-wbt mssql murmur mysql nbd nfs nfs3 nmea-0183 nrpe ntp nut openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole plex pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy prometheus proxy-dhcp ptp pulseaudio puppetmaster quassel radius rdp redis redis-sentinel rpc-bind rquotad rsh rsyncd rtsp salt-master samba samba-client samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptrap spideroak-lansync spotify-sync squid ssdp ssh steam-streaming svdrp svn syncthing syncthing-gui synergy syslog syslog-tls telnet tentacle tftp tftp-client tile38 tinc tor-socks transmission-client upnp-client vdsm vnc-server wbem-http wbem-https wsman wsmans xdmcp xmpp-bosh xmpp-client xmpp-local xmpp-server zabbix-agent zabbix-server

These are the services that are available firewalld as pre-configured and can be opened just using their names.

List Zones with FirewallD

At this point, you can access any service that you have just allowed the service in the public zone, however, just for information, you can check other available zones as well, in case you want to use any of them.

sudo firewall-cmd --get-zones
block dmz drop external home internal nm-shared public trusted work

How To Open Port or Service on Rocky Linux 8

You can simply open a port or a service from the Public zone, with the help of the following commands:

Open a Service:

sudo firewall-cmd --zone=public --permanent --add-service=service-name

For example, opening HTTP traffic through the firewall:

sudo firewall-cmd --zone=public --permanent --add-service=http

Open a Particular Port:

sudo firewall-cmd --zone=public --permanent --add-port type-port-number/tcp

For example, open port 1000:

sudo firewall-cmd --zone=public --permanent --add-port 1000/tcp

Note: After any changes, remember to reload FirewallD to apply the changes:

sudo firewall-cmd --reload

How To Close Ports and Services on Rocky Linux 8

You can simply use the FirewallD commands to block a port or service.

Block a Service:

sudo firewall-cmd --zone=public --permanent --remove-service service-name

Block a particular port:

firewall-cmd --zone=public --permanent --remove-port type-number

Remember to reload FirewallD after your changes:

sudo firewall-cmd --reload

For more information, you can visit the FirewallD Documentation page.


At this point, you have learned Open and Close Ports with FirewallD on Rocky Linux 8.

Hope you enjoy it.

You may be like these articles:

Install and Configure Redis on Rocky Linux 8

Introducing AlmaLinux As a Replacement for CentOS



Please enter your comment!
Please enter your name here

Latest Articles


Most Popular