Many times after installing some application or accessing an inbuilt service outside the system using some other devices, we need to open a network port. It is a communication endpoint defined by a software layer to identify & access some particular process or a type of network service. For example, SSH (Secure Shell Protocol) service, the default port for it is 22, which we can be used to access any particular computer to control remotely. In the same way, CPanel, NextCloud, Apache, and other various tools and software come with their own port number. However, if you have a firewall installed, then most of the ports would be blocked by default, and to communicate with them, first, we have to open the same.
Let’s say you want to open a port 80 or 443 in AlmaLinux 8, then how to do that? To help you with this here is the tutorial.
- How to install firewalld in Almalinux 8 or Rocky Linux including CentOS & RHEL 8
- Open and close ports such as 80, 443, 3603, 22, etc on Almalinux with Firewalld.
- Reload firewall configuration.
- How to list open ports or services
Command to open ports in AlmaLinux 8 or Rocky
Check Firewalld is running or not
The one thing we have to ensure that firewalld is on our AlmaLinux and running properly before opening and closing any port on the system.
sudo systemctl status firewalld
If it not running then use the below commands:
sudo systemctl start firewalld sudo systemctl enable firewalld
Well, those who don’t have firewalld installed and want it to, they can run:
sudo dnf update sudo dnf install firewalld
List all opened ports & services
Before opening any particular port let’s confirm that it is not already active in firewalld and has not been allowed to access through public connections, for that run-
sudo firewall-cmd --list-all
So, in the below screenshot we can clearly see the port 443 or 3602 is not allowed to communicate externally.
FirewallD also comes with some pre-configured services, for them and their ports the firewall allows public communication by default. And SSH, Plex, Cockpit, etc are a few of them. You can check the list of all such services by using the command-
Output: These are the services that are available firewalld as pre-configured and can be opened just using their name with the command syntax given in later steps of this tutorial.
RH-Satellite-6 amanda-client amanda-k5-client amqp amqps apcupsd audit bacula bacula-client bb bgp bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc bittorrent-lsd ceph ceph-mon cfengine cockpit condor-collector ctdb dhcp dhcpv6 dhcpv6-client distcc dns dns-over-tls docker-registry docker-swarm dropbox-lansync elasticsearch etcd-client etcd-server finger freeipa-4 freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master git grafana gre high-availability http https imap imaps ipp ipp-client ipsec irc ircs iscsi-target isns jenkins kadmin kdeconnect kerberos kibana klogin kpasswd kprop kshell kube-apiserver ldap ldaps libvirt libvirt-tls lightning-network llmnr managesieve matrix mdns memcache minidlna mongodb mosh mountd mqtt mqtt-tls ms-wbt mssql murmur mysql nfs nfs3 nmea-0183 nrpe ntp nut openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole plex pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy prometheus proxy-dhcp ptp pulseaudio puppetmaster quassel radius rdp redis redis-sentinel rpc-bind rsh rsyncd rtsp salt-master samba samba-client samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptrap spideroak-lansync spotify-sync squid ssdp ssh steam-streaming svdrp svn syncthing syncthing-gui synergy syslog syslog-tls telnet tentacle tftp tftp-client tile38 tinc tor-socks transmission-client upnp-client vdsm vnc-server wbem-http wbem-https wsman wsmans xdmcp xmpp-bosh xmpp-client xmpp-local xmpp-server zabbix-agent zabbix-server
List of Zones
Although to access any service we have just allow the service in the public zone, however just for information you can check other available zones as well, in case you want to use any of them.
block dmz drop external home internal nm-shared public trusted work
Use firewalld command to open port or service
Now, the default zone to access the service from the outside network is public, and with the help of the below command syntax, you can open any port or service on your AlmaLinux or Rocky server.
For opening any service which is predefined in
firewalld such as HTTP or OpenVPN, you need to replace the service-name in the below command syntax-
sudo firewall-cmd --zone=public --permanent --add-service=service-name
Let’s say you want to open
openvpn, then the same above syntax can be used as
sudo firewall-cmd --zone=public --permanent --add-service=openvpn
In the same way, those services’ ports are not pre-defined then users can open them manually using this command. Replace type-port-number in the below syntax with the port you want to open. You can also change TCP to UDP as per the requirements.
sudo firewall-cmd --zone=public --permanent --add-port type-port-number/tcp
Example– Lets’ say you want to open 3602
sudo firewall-cmd --zone=public --permanent --add-port 3602/tcp
Although it is not necessary to reload the firewall, however, to ensure it has successfully flushed the previous settings and recognize the newly added service or port for the public zone, let reload its service.
sudo firewall-cmd --reload
You can check whether the port or service successfully active or not by listing them.
Steps to Block or close ports/services in AlmaLinux or Rocky Linux 8
Step 1: To block any already opened service or port, we can use the same command that we have used above to open them. However, if you are unsure that what are the active ones you can use again the command to list them all-
sudo firewall-cmd --list-all
Step 2: Now let’s say you want to close port number 443 or block the service ssh in the firewall. The syntax will be the same we have used to open them, however instead of using option add we use the remove this time.
Syntax to remove some service-
firewall-cmd --zone=public --permanent --remove-service service-name
For example– If we want to blocks service ssh
firewall-cmd --zone=public --permanent --remove-service ssh
Syntax to block some port number:
firewall-cmd --zone=public --permanent --remove-port type-number
Example– Let’s block port 443
sudo firewall-cmd --zone=public --permanent --remove-port 443
sudo firewall-cmd --reload
In this way, we to cannot only check the open ports and services but can also allow and block them to communicate from the outside our Almalinux Linux including Rocky, CetnOS, or RHEL 8.
- How to enable EPEL repository on AlmaLinux 8
- How to block specific port on CentOS 8 such as 22
- How to Install Zoom Client on Almalinux
- How to install Gnome GUI on Almalinux 8.4 or Rocky Linux