Bobcares


Enable Firewall On AlmaLinux

by | May 21, 2021

Wondering how to enable Firewall On AlmaLinux? We can help you.

Firewalld is the firewall manager that comes pre-installed on AlmaLinux, whether we have freshly installed AlmaLinux or migrated from CentOS to AlmaLinux.

As a part of our Server Management Services, we assist our customers with several firewall queries.

Today, let’s see how our Support Engineers enable the firewall on AlmaLinux for our customers.

 

How to enable Firewall On AlmaLinux?

By default, the firewall is turned on, meaning that a very limited number of services are able to receive incoming traffic.

Today, let us see how to disable or enable the firewall in AlmaLinux, along with checking the status of the firewall.

These are good troubleshooting options when trying to determine if a firewall rule is blocking traffic to or from a particular service.

firewalld is simply a front end for the system’s nftables (formerly iptables) firewall.

This makes the firewall easier to interact with, but essentially firewalld just translates all our commands into corresponding nft commands.

 

Prerequisites to enable Firewall On AlmaLinux

  • Privileged access to Linux system as root or via the sudo command.

 

Check the status of firewall on AlmaLinux

We can interact with the firewalld service through systemd.

To see whether firewalld is currently running, execute the following systemctl command in a terminal.

$ systemctl status firewalld

This will show whether firewalld is currently running and whether it is set to enabled.

If it is enabled, then it will start automatically whenever the system boots up.

To see what services firewalld has configured, try the following command.

$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

We can see that firewalld currently has rules configured for cockpit, DHCP and SSH.

 

Stop or start firewall on AlmaLinux

Use the following systemd commands to stop or start the firewalld service.

To stop the firewall:

$ sudo systemctl stop firewalld

We can confirm that the firewall is off by checking its status once again.

Since firewalld is currently enabled (set to start automatically at boot), the service will stay stopped until we manually start it again or reboot the system.

To start the firewall again, execute the following command.

$ sudo systemctl start firewalld

If all we need to do is restart the process, we can do that as well.

$ sudo systemctl restart firewalld

How to permanently enable or disable firewall on AlmaLinux

By default, firewalld starts automatically when our system boots. To change this behavior, we can issue the systemctl disable command. This, combined with the systemctl stop command, will permanently disable firewalld.

$ sudo systemctl disable firewalld

You can re-enable firewalld at any time by executing the following command.

$ sudo systemctl enable firewalld

 

Allow a port through firewall on AlmaLinux

Follow the steps given below to allow ports or services through firewalld on AlmaLinux.

Step 1:

When checking for open firewall ports on RHEL 8/CentOS 8 Linux, it is important to know that firewall ports can be opened in two main ways.

Firstly, the firewall port can be opened as part of a pre-configured service. For instance, open the port for HTTP to the public zone.

# firewall-cmd --zone=public --add-service=http --permanent

Of course, adding the HTTP service to firewalld is the equivalent of opening port 80.

Step 2:

Secondly, the ports can be opened directly as custom, user-defined ports. For instance, open port 8080.

# firewall-cmd --zone=public --add-port=8080/tcp --permanent

Since 8080 does not have an associated service, it is necessary for us to specify the port number rather than a service name if we want to open this port.

Step 3:

To check which service ports are open, execute the following command.

# firewall-cmd --zone=public --list-services
cockpit dhcpv6-client http https ssh

The above services (cockpit, DHCP, HTTP, HTTPS, and SSH) have their relevant port numbers open.

Step 4:

To check which port numbers are open, use this command:

# firewall-cmd --zone=public --list-ports
20/tcp 8080/tcp

The above ports, 20 and 8080, are open to incoming traffic.

Step 5:

After we have allowed our ports and services through the firewall, we have to reload firewalld for the changes to take effect. All rules with the --permanent option will now become part of the runtime configuration. Rules without this option will be discarded.

# firewall-cmd --reload

Step 6:

We can also see a list of all open services and ports by using the --list-all option.

# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client http ssh
ports: 443/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

Step 7:

Firewalld works with zones. Depending on which zone our network interface(s) are using, we may need to add our allowed port to that particular zone.

The first step above shows how to add a rule to the “public” zone.

To see the rules for that zone specifically, continue using the --zone= syntax.

# firewall-cmd --list-all --zone=public
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client http ssh
ports: 443/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

Step 8:

In case we need to close one of the previously configured open ports, we can use the following command syntax.

In this example, we close the port for HTTPS.

# firewall-cmd --zone=public --permanent --remove-service=https
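
The checks from steps 3 to 8, as an added example that is not part of the original article: it parses --list-all output to flag services and ports that are outside an allowlist, and compares the runtime and permanent port lists to show what --reload would discard or activate. The function names, the ALLOWED policy and the sample output are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example; helper names, ALLOWED and SAMPLE_LIST_ALL are constructed for it.

# set_diff A B: words in list A that are absent from list B (sorted, de-duplicated).
set_diff() (
    set -f                          # no globbing while word-splitting the lists
    have=" $(echo $2) "             # normalise whitespace in list B
    out=""
    for item in $(printf '%s\n' $1 | LC_ALL=C sort -u); do
        case "$have" in
            *" $item "*) ;;
            *) out="${out:+$out }$item" ;;
        esac
    done
    printf '%s' "$out"
)

# list_all_field TEXT KEY: value of the "KEY:" line in --list-all output.
list_all_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" | head -n 1
}

# unexpected_open TEXT ALLOWED: open services/ports that are not on the allowlist.
unexpected_open() {
    set_diff "$(list_all_field "$1" services) $(list_all_field "$1" ports)" "$2"
}

# Runtime-only entries are discarded by --reload; permanent-only ones wait for it.
lost_on_reload() { set_diff "$1" "$2"; }     # args: RUNTIME PERMANENT
pending_reload() { set_diff "$2" "$1"; }     # args: RUNTIME PERMANENT

ALLOWED="dhcpv6-client ssh http 443/tcp"     # assumed policy for this host
SAMPLE_LIST_ALL='public (active)
  services: cockpit dhcpv6-client http ssh
  ports: 443/tcp 8080/tcp
  forward-ports:'                            # constructed sample output

if [ "${1:-}" = "--live" ]; then             # run as root on a firewalld host
    zone=${2:-public}
    rt=$(firewall-cmd --zone="$zone" --list-ports)
    pm=$(firewall-cmd --permanent --zone="$zone" --list-ports)
    echo "lost on reload:  $(lost_on_reload "$rt" "$pm")"
    echo "pending reload:  $(pending_reload "$rt" "$pm")"
    echo "not allowlisted: $(unexpected_open "$(firewall-cmd --zone="$zone" --list-all)" "$ALLOWED")"
else
    echo "not allowlisted: $(unexpected_open "$SAMPLE_LIST_ALL" "$ALLOWED")"
fi
```

Without arguments the script audits the constructed sample; with --live and an optional zone name it queries firewalld on the local host.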

 


 

Conclusion

In short, we can allow certain ports through the firewall, which lets incoming connections reach our services. Today, we saw how our support Techs enable Firewall On AlmaLinux.
