AlmaLinux Administration Basics - Firewalld

AlmaLinux Administration Basics - This article is part of a series.
Part 3: This Article

Welcome, home lab enthusiasts! In this entry I'll share a short guide to managing firewall rules in an AlmaLinux environment. As in previous entries, this series covers things I had to learn while running my own home lab on Proxmox.

Firewalld, the default firewall in RHEL-based distributions, was introduced in 2011 as a replacement for iptables. At its core, firewalld acts as a security gatekeeper, controlling incoming and outgoing network traffic.

While it comes pre-enabled with a secure default configuration, you might need to open specific ports to allow essential services to function correctly.

For instance, when I ran into issues exporting node metrics from my VMs, I looked through my Proxmox and network configurations, only to discover that the traffic was being blocked on the VM itself.

If you are in a similar situation, this guide will help you with the following:

  • Allowing ports or services through the firewall: Grant access to incoming connections for your chosen services.
  • Applying firewall rules: Activate changes made to firewall configurations.
  • Checking open ports and services: Maintain awareness of currently accessible ports and services.
  • Managing opened ports: Revoke access when a service is no longer required.

Understanding Firewall Ports and Zones

Firewalld utilizes zones to categorize network interfaces and manage traffic flow accordingly. Your home lab network interface likely belongs to the “public” zone, which handles internet-facing traffic.

Generally, the default rule of a firewall is to deny everything and only allow specific exceptions to pass through for needed services.

You can add rules to this zone to control incoming traffic from the internet. There are two primary methods for opening ports:

  1. By Service: This is the preferred approach as it automatically opens the relevant port number associated with a service. For instance, the following command allows HTTP traffic on port 80.

    firewall-cmd --zone=public --add-service=http --permanent
    
  2. By Port Number: Use this method if there’s no corresponding service for the port you want to open. The following command opens port 8080 for TCP connections:

    firewall-cmd --zone=public --add-port=8080/tcp --permanent
    

Essential Firewall Management Commands

  • Listing Open Services and Ports: Display active services with open ports

    firewall-cmd --zone=public --list-services
    

    Display open ports regardless of associated service

    firewall-cmd --zone=public --list-ports
    
  • Reloading Firewall: Rules added with --permanent are not active until you reload; rules added without --permanent take effect immediately but are lost on the next reload or reboot.

    firewall-cmd --reload
    
  • Viewing All Firewall Rules: This shows the full configuration of the default zone (add --zone=public to inspect a specific zone)

    firewall-cmd --list-all
    
  • Closing a Port or Service: Removes the HTTPS rule from the firewall (service names are lowercase; remember to reload afterwards)

    firewall-cmd --zone=public --permanent --remove-service=https
    

Common Ports and Firewall Commands for Home Lab Services

These are some helpful commands to open ports for essential services you might use in your home lab environment:

# Allow HTTP through firewall
firewall-cmd --zone=public --add-service=http --permanent

# Allow HTTPS through firewall
firewall-cmd --zone=public --add-service=https --permanent

# Allow MySQL through firewall
firewall-cmd --zone=public --add-service=mysql --permanent

# Allow SSH through firewall (assuming it's not already open)
firewall-cmd --zone=public --add-service=ssh --permanent

# Allow DNS through firewall
firewall-cmd --zone=public --add-service=dns --permanent

# Allow PostgreSQL through firewall
firewall-cmd --zone=public --add-service=postgresql --permanent

# Allow telnet through firewall (telnet sends credentials in cleartext; prefer ssh where possible)
firewall-cmd --zone=public --add-service=telnet --permanent
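After opening services it is easy to lose track of what a host actually exposes. The following audit script is an added example (not part of the original post): it parses the output of `firewall-cmd --zone=public --list-all`, compares the open services and ports against an allowlist, and prints the matching --remove-* command for anything unexpected. The allowlist values and the sample `--list-all` output are constructed assumptions; adjust them to your lab.

```python
"""Audit the firewalld public zone against an allowlist (added example, not from the post)."""
import shutil
import subprocess

ZONE = "public"
# Allowlist of what this lab host is meant to expose (assumed values, adjust to your lab)
ALLOWED_SERVICES = {"ssh", "http", "https"}
ALLOWED_PORTS = {"8080/tcp"}

# Constructed sample of `firewall-cmd --zone=public --list-all` output (used offline when firewall-cmd is absent)
SAMPLE_LIST_ALL = """public (active)
  target: default
  interfaces: ens18
  services: cockpit dhcpv6-client ssh telnet
  ports: 8080/tcp 5432/tcp
"""

def parse_list_all(text):
    """Turn --list-all text into {'zone': str, 'services': [...], 'ports': [...]}."""
    lines = text.strip().splitlines()
    zone = lines[0].split()[0] if lines else ""   # first line: "public (active)"
    fields = {}
    for line in lines[1:]:                         # remaining lines: "  key: v1 v2 ..."
        key, _, value = line.strip().partition(":")
        fields[key] = value.split()
    return {"zone": zone, "services": fields.get("services", []),
            "ports": fields.get("ports", [])}

def find_unexpected(info, allowed_services=ALLOWED_SERVICES, allowed_ports=ALLOWED_PORTS):
    """Return (zone, kind, name) for every open service/port that is not allowlisted."""
    extra = [(info["zone"], "service", s) for s in info["services"] if s not in allowed_services]
    extra += [(info["zone"], "port", p) for p in info["ports"] if p not in allowed_ports]
    return extra

def remove_command(zone, kind, name):
    """firewall-cmd invocation that closes one finding (follow it with --reload)."""
    return f"firewall-cmd --zone={zone} --permanent --remove-{kind}={name}"

def main():
    if shutil.which("firewall-cmd"):   # live system: read the real zone
        cmd = ["firewall-cmd", f"--zone={ZONE}", "--list-all"]
        text = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    else:                               # offline: use the constructed sample
        text = SAMPLE_LIST_ALL
    for finding in find_unexpected(parse_list_all(text)):
        print("unexpected:", *finding, "->", remove_command(*finding))

if __name__ == "__main__":
    main()
```

Run it as root on the VM to audit the live zone; without firewall-cmd installed it exercises the same logic on the constructed sample.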

Security Considerations When Opening Ports

Always prioritize security when managing your firewall. Only open ports for services you genuinely need and actively use in your home lab.

Here are some additional security best practices to consider:

  • Minimize Exposed Ports: Only open the specific ports required for a service to function. Avoid opening entire port ranges.
  • Strong Passwords: Enforce strong passwords for all services that require authentication, especially for remotely accessible services.
  • Keep Software Updated: Regularly update your AlmaLinux system and applications to address security vulnerabilities.
  • Monitor Firewall Logs: Regularly review your firewall logs for suspicious activity that might indicate unauthorized access attempts. Note that firewalld only logs dropped packets once LogDenied is enabled (for example, firewall-cmd --set-log-denied=all).

By following these steps and understanding firewall rules, you can effectively manage incoming traffic in your AlmaLinux home lab.
