How to install and use Firewalld on Rocky Linux 8

Firewalls are one of the most essential parts of security when we are going online. Here we learn the steps and command to install, configure, and how to use FirewallD on Rocky Linux 8 using CLI or GUI.

Many of us who are not already Linux would already be familiar with the firewall feature on Windows, where it is very easy to turn On or Off ports or services using GUI. However, what about Linux such as CentOS, Rocky Linux, RedHat, AlmaLinux, and more… If you are using full Linux Desktop then a firewall would already be there but in most of the cases without a graphical interface. Nevertheless, Debian, RedHat, Ubuntu, and other Linux systems provide the appropriate firewall GUI software directly from their respective repository to manage things with the help of mouse clicks.

But what if you just want a basic OS installation with no graphical interface? Because minimal versions of Linux would not even have the CLI version of Firewall by default. Well, this is a very small problem, if you have an active internet connection and due to an in-built package manager under Linux, we can install a firewall with just a single command.

Features of FirewallD:

Complete D-Bus API
IPv4, IPv6, bridge, and ipset support
IPv4 and IPv6 NAT support
firewall zones
A predefined list of zones, services, and ICMP types
Simple service, port, protocol, source port, masquerading, port forwarding, ICMP filter, rich rule, interface, and source address handling in zones
Simple service definitions for ports, protocols, source ports, modules (Netfilter helpers), and destination address handling
Rich Language for more flexible and complex rules in zones
Timed rules in zones
Simple logging of rejected packets
Direct interface
Lockdown: Whitelist of users who are allowed to modify the firewall.
Automatic loading of the Linux kernel modules
Works with Puppet
CLI for online and offline configurations
Graphical Tool (using gtk3)
Applet (using Qt4)

Firewalls in CentOS used to be controlled by ipTables. This has largely been superseded by FirewallD. By default, only port 22 is open on Rocky Linux 8, else is closed for now.

Steps to install and configure Firewalld on Rocky Linux 8

The command given here will also be applicable for other Redhat-based systems such as CentOS, Oracle Linux, Rocky Linux, and RedHat.

1. Requirements

There are no special requirements, however, make sure you have the following things:

Rocky Linux 8
At least a non-root sudo user
An Internet connection
Access to Terminal

 

2. DNF Update

The very first thing after installing a Linux OS or before setting up some tool using the package manager is to run a system update. This will ensure all the packages are in their latest state and also refresh the repository cache as well.

sudo dnf update

 

3. Install Firewalld on Rocky Linux 8

We don’t have to look for any third-party repository to get the packages for the installation of FirewallD on Rocky Linux 8 or any other Redhat-based one. It is already supplied by the baseOS repo of the system. Hence, simply run the given command, and you are done.

sudo dnf install firewalld

 

4. Start FirewallD service

The service of Firewalld will not start atomically, we have to do that manually and also enable the same to run with the system boot.

sudo systemctl unmask firewalld
sudo systemctl start firewalld
sudo systemctl enable firewald

Check the status:

sudo systemctl status firewalld

 

4. Check Version

After completing the process of installation successfully, we can check the version of the firewall to confirm it is there on our system.

sudo firewall-cmd --version

 

5. FirewallD Usage on Rocky Linux 8

There are a few predefined zones, we can use with the command of Firewalld to configure various services and ports on the system. Here are those:

drop: Any incoming network packets are dropped, there is no reply. Only outgoing network connections are possible.

block: Any incoming network connections are rejected with an icmp-host-prohibited message for IPv4 and icmp6-adm-prohibited for IPv6. Only network connections initiated within this system are possible.

public: For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.

external: For use on external networks with masquerading enabled especially for routers. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.

dmz: For computers in your demilitarized zone that are publicly accessible with limited access to your internal network. Only selected incoming connections are accepted.

work: For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.

home: For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.

internal: For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.

trusted: All network connections are accepted.

Command Syntax to allow or block ports

So far, you would are already familiar with the zones of the Firewalld program, now we can easily use the command terminal to open, close, and manage ports or services in various zones.

Allow Port

For example- you want to open port 80 or HTTP service: 

sudo firewall-cmd --permanent --zone=public --add-port=80/tcp

or

sudo firewall-cmd --permanent --zone=public --add-service=http

In the same way, we can open ports 22, 443, or services not already allowed in the firewall.

After opening the port, it is important to reload the firewall service to apply the changes we have done.

sudo firewall-cmd --reload

Block/remove Port

Whereas to block any open port or service, we just need to use the remove option, here is the syntax for that.

For example, you want to block port 80, the command will be:

sudo firewall-cmd --permanent --zone=public --remove-port=80/tcp

or if you know the service corresponding to the port:

sudo firewall-cmd --permanent --zone=public --remove-service=hhtp

After that don’t forget to reload the firewall:

sudo firewall-cmd --reload

 

List All the active ports:

To know what are the ports active in the firewall to connect, we can list them using the firewall-cmd command:

sudo firewall-cmd --list-ports

 

List default zone information

When you don’t know which zone has what kind of service or simply want to get all information related to firewall in a different zone, then run:

To list- all ports

sudo firewall-cmd --list-all

Whereas for some specific zone only, the user can declare the same in the command:

sudo firewall-cmd --list-all --zone=home

Command to see which services are allowed

To get the only list of services allowed in the firewall:

sudo firewall-cmd --list-services

 

6. Install FirewallD GUI on Rocky Linux 8

Well, those who are using the graphical user interface of the Rocky Linux 8 or any RPM-based one, can go for the GUI interface to manage the firewall services, easily, such as adding or removing ports and services.

sudo dnf install firewall-config

Once the installation gets completed, go to Application Launcher and search for –Firewall. As its icon appears click to run the same.

Using the GUI we can easily configure various services and ports with the help of just a few clicks.

Install FirewallD GUI using command on Rocky Linux 8

 

7. Stop and disable Firewalld

Whenever you don’t want your Firewall to block or allow any port/service, we can stop it temporarily until the system start.

sudo systemctl stop firewalld

Whereas, if you want to stop and disable the Firewall permanently, run:

sudo systemctl disable firewalld
sudo systemctl mask firewalld

 

8. Uninstall or Remove

In case you don’t want the FirewallD on your system anymore, we can remove it using the DNF package manager by using the “remove” option.

sudo dnf remove firewalld

for GUI, if you have installed:

sudo dnf remove firewall-config

 

Conclusion

In this way, we can install and use FirewallD on Allamlinux and other RPM-based Linux systems to secure our system from the outside world to some extent. Learn more about it at the official FirewallD Documentation.

 

Other Articles:

How to Install VS Code-Server on Rocky Linux 8
How to install Git on Rocky Linux 8
Install Vivaldi Browser on Rocky Linux 8

 

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.