Wondering how to enable Firewall On AlmaLinux? We can help you.

Firewalld is the firewall manager that comes pre-installed on AlmaLinux, whether we have freshly installed AlmaLinux or migrated from CentOS to AlmaLinux.

As a part of our Server Management Services, we assist our customers with several firewall queries.

Today, let’s see how our Support Engineers enable the firewall on AlmaLinux for our customers.

How to enable Firewall On AlmaLinux?

By default, the firewall is turn on, meaning that a very limited number of services are able to receive incoming traffic.

Today, let us see how to disable or enable the firewall in AlmaLinux, along with checking the status of the firewall.

These are good troubleshooting options when trying to determine if a firewall rule is blocking traffic to or from a particular service.

firewalld is simply a front end for the system’s nftables (formerly iptables) firewall.

This makes the firewall easier to interact with.

but essentially firewalld just translates all our commands into corresponding nft commands.

Prerequisites to enable Firewall On AlmaLinux

• Privileged access to Linux system as root or via the sudo command.

Check the status of firewall on AlmaLinux

We can interact with the firewalld service through systemd.

To see whether firewalld is currently running, execute the following systemctl command in a terminal.

$ systemctl status firewalld

This will show whether firewalld is currently running and it is set to enabled.

If it is enabled, then it will start automatically whenever the system boots up.

To see what services firewalld has configured, try the following command.

$ sudo firewall-cmd –list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

We can see that firewalld currently has rules configured for cockpit, DHCP and SSH.

Stop or start firewall on AlmaLinux

Use the following systemd commands to stop or start the firewalld service.

To stop the firewall:

$ sudo systemctl stop firewalld

We can confirm that the firewall is off by checking its status once again.

Since firewalld is currently enabled (set to start automatically at boot), the service will stay disabled until we manually start it again or reboot the system.

To start the firewall again, execute the following command.

$ sudo systemctl start firewalld

If all we need to do is restart the process, we can do that as well.

$ sudo systemctl restart firewalld

How to permanently enable or disable firewall on AlmaLinux

By default, firewalld starts automatically when our system loads in. To change this behavior, we can issue the systemctl disable command. This, combined with the systemctl stop command, will permanently disable firewalld.

$ sudo systemctl disable firewalld

You can re-enable firewalld at any time by executing the following command.

$ sudo systemctl enable firewalld

Allow a port through firewall on AlmaLinux

Follow the steps given below, to allow ports or services through firewalld on AlmaLinux.

Step 1:

When checking for open firewall ports on RHEL 8/CentOS 8 Linux, it is important to know that firewall ports we can open in two main different ways.

Firstly, the firewall port can be opened as part of a pre-configured service. For instance, open the port for HTTP to the public zone.

# firewall-cmd –zone=public –add-service=http –permanent

Of course, adding the HTTP service to firewalld is the equivalent of opening port 80.

Step 2:

Secondly, the ports can be open directly as custom user predefined ports. For instance, open port 8080.

# firewall-cmd –zone=public –add-port 8080/tcp –permanent

Since 8080 does not have an associated service, it is necessary for us to specify the port number rather than a service name if we want to open this port.

Step 3:

To check which service ports are open, execute the following command.

# firewall-cmd –zone=public –list-services
cockpit dhcpv6-client http https ssh

The above services (cockpit, DHCP, HTTP, HTTPS, and SSH) have their relevant port numbers open.

Step 4:

To check which port numbers are open, use this command:

# firewall-cmd –zone=public –list-ports
20/tcp 8080/tcp

The above ports, 20 and 8080, are open to incoming traffic.

Step 5:

After we have allowed our ports and services through the firewall, we have to reload firewalld for the changes to take effect. All rules with the –permanent option will now become part of the runtime configuration. Rules without this option will be discarded.

# firewall-cmd –reload

Step 6:

We can also see a list of all open services and ports by using the –list-all option.

# firewall-cmd –list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client http ssh
ports: 443/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

Step 7:

Firewalld works with zones. Depending on which zone our network interface(s) is using.

We may need to add our allowed port to that particular zone.

The first step above shows how to add a rule to the “public” zone.

To see the rules for that zone specifically, continue using the –zone= syntax.

# firewall-cmd –list-all –zone=public
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client http ssh
ports: 443/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

Step 8:

In case we need to close one of the previously configured open ports, we can use the following command syntax.

In this example, we close the port for HTTPS.

# firewall-cmd –zone=public –permanent –remove-service=https

[Stuck with any of the firewall query? We’d be happy to help you]

Conclusion

In short, we can allow certain ports through the firewall, which lets incoming connections reach our services. Today, we saw how our support Techs enable Firewall On AlmaLinux.