In this guide, we want to teach you How To Open And Close Ports with FirewallD on Rocky Linux 8.
FirewallD is a tool that acts as a firewall in Linux operating systems. It helps in protecting the system from unusual traffic and also securing different protocols, by disabling their default.
Steps To Open and Close Ports with FirewallD on Rocky Linux 8
To complete this guide, you must log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide the Initial Server Setup with Rocky Linux 8.
Check FirewallD Status on Rocky Linux 8
The first step is to check whether you have FirewallD service active on your server or not.
To do this, run the command below:
sudo systemctl status firewalld
In my case, I get the following output:
Output ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor p> Active: active (running) since Wed 2022-09-14 04:03:47 EDT; 1h 27min ago Docs: man:firewalld(1) Main PID: 89329 (firewalld) Tasks: 2 (limit: 11413) Memory: 28.0M CGroup: /system.slice/firewalld.service └─89329 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork>
If it is not running, use the following commands to start and enable your firewallD:
# sudo systemctl start firewalld # sudo systemctl enable firewalld
If your service is not available, you can install FirewallD with the following command:
# sudo dnf update # sudo dnf install firewalld
List Open Ports and Services With FirewallD
At this point, you need to confirm that any particular port is not already active in firewalld and has not been allowed to access through public connections on Rocky Linux 8. To do this, run the following command:
sudo firewall-cmd --list-all
Output public (active) target: default icmp-block-inversion: no interfaces: eth0 sources: services: cockpit dhcpv6-client ssh ports: protocols: forward: no masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
Also, FirewallD comes with some pre-configured services, for them and their ports the firewall allows public communication by default. And SSH, Plex, Cockpit, etc are a few of them. You can check the list of all such services by using the command below:
sudo firewall-cmd --get-services
Output RH-Satellite-6 RH-Satellite-6-capsule amanda-client amanda-k5-client amqp amqps apcupsd audit bacula bacula-client bb bgp bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc bittorrent-lsd ceph ceph-mon cfengine cockpit collectd condor-collector ctdb dhcp dhcpv6 dhcpv6-client distcc dns dns-over-tls docker-registry docker-swarm dropbox-lansync elasticsearch etcd-client etcd-server finger foreman foreman-proxy freeipa-4 freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp galera ganglia-client ganglia-master git grafana gre high-availability http https imap imaps ipp ipp-client ipsec irc ircs iscsi-target isns jenkins kadmin kdeconnect kerberos kibana klogin kpasswd kprop kshell kube-apiserver ldap ldaps libvirt libvirt-tls lightning-network llmnr managesieve matrix mdns memcache minidlna mongodb mosh mountd mqtt mqtt-tls ms-wbt mssql murmur mysql nbd nfs nfs3 nmea-0183 nrpe ntp nut openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole plex pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy prometheus proxy-dhcp ptp pulseaudio puppetmaster quassel radius rdp redis redis-sentinel rpc-bind rquotad rsh rsyncd rtsp salt-master samba samba-client samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptrap spideroak-lansync spotify-sync squid ssdp ssh steam-streaming svdrp svn syncthing syncthing-gui synergy syslog syslog-tls telnet tentacle tftp tftp-client tile38 tinc tor-socks transmission-client upnp-client vdsm vnc-server wbem-http wbem-https wsman wsmans xdmcp xmpp-bosh xmpp-client xmpp-local xmpp-server zabbix-agent zabbix-server
These are the services that are available firewalld as pre-configured and can be opened just using their names.
List Zones with FirewallD
At this point, you can access any service that you have just allowed the service in the public zone, however, just for information, you can check other available zones as well, in case you want to use any of them.
sudo firewall-cmd --get-zones
Output block dmz drop external home internal nm-shared public trusted work
How To Open Port or Service on Rocky Linux 8
You can simply open a port or a service from the Public zone, with the help of the following commands:
Open a Service:
sudo firewall-cmd --zone=public --permanent --add-service=service-name
For example, opening HTTP traffic through the firewall:
sudo firewall-cmd --zone=public --permanent --add-service=http
Open a Particular Port:
sudo firewall-cmd --zone=public --permanent --add-port type-port-number/tcp
For example, open port 1000:
sudo firewall-cmd --zone=public --permanent --add-port 1000/tcp
Note: After any changes, remember to reload FirewallD to apply the changes:
sudo firewall-cmd --reload
How To Close Ports and Services on Rocky Linux 8
You can simply use the FirewallD commands to block a port or service.
Block a Service:
sudo firewall-cmd --zone=public --permanent --remove-service service-name
Block a particular port:
firewall-cmd --zone=public --permanent --remove-port type-number
Remember to reload FirewallD after your changes:
sudo firewall-cmd --reload
For more information, you can visit the FirewallD Documentation page.
At this point, you have learned Open and Close Ports with FirewallD on Rocky Linux 8.
Hope you enjoy it.
You may be like these articles:
Install and Configure Redis on Rocky Linux 8