How To Enable FirewallD GUI on Rocky Linux 8 | Best Setup

In this tutorial, we want to teach you How To Enable FirewallD GUI on Rocky Linux 8. FirewallD is software that provides the system firewall feature to protect Rocky Linux from unwanted access by disabling and enabling ports, services, or protocols.

However, for users that are used to an interface such as Graphical User Interface (GUI), the command line may seem difficult at first glance because there’s no visual representation, and those who are not comfortable learning the command line terminal may be exposed to the possibility of having an unsecured system. So, in this guide from the Orcacore website, you will learn to enable the FirewallD GUI.

To complete this guide on How To Enable FirewallD GUI on Rocky Linux 8, you must log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide on the Initial Server Setup with Rocky Linux 8.

1. Install FirewallD on Rocky Linux 8

First, you need to update your local package index with the command below:

sudo dnf update -y

If you don’t have firewalld already on your system, then you have to install it. Run the command below to install the firewalld:

sudo dnf install firewalld -y

When your installation is completed, start and enable your service with the following commands:

# sudo systemctl start firewalld
# sudo systemctl enable firewalld

Verify your FirewallD service is active and running on Rocky Linux 8:

sudo systemctl status firewalld

2. Install FirewallD GUI on Rocky Linux

Now that you have Firewalld installed on your server, you can install the graphical user interface program for it. The packages are available in the default Rocky Linux repository.

To do this, run the command below:

sudo dnf install firewall-config -y

Note: If you are using the KDE desktop, you can also go for the Plasma Control panel:

sudo dnf install plasma-firewall-firewalld -y

3. Launch FirewallD GUI

At this point, you can start managing the ports and services in the Firewall with the help of mouse clicks on Rocky Linux 8.

To run your FirewallD GUI, go to the Application launcher and find the FirewallD you have installed.

You will see:

4. Remove FirewallD GUI Tool

If you don’t want to use this firewall GUI tool anymore, you can remove the same using the DNF package manager:

sudo dnf remove firewall-config -y

That’s it. You are done.

Conclusion

Enabling the FirewallD GUI on Rocky Linux 8 involves installing the firewalld and firewall-config packages, starting the service, and launching the graphical interface. This provides a user-friendly way to manage firewall rules and enhances system security with easier configuration.

Hope you enjoy it. Please subscribe to us on Facebook and Twitter.

You may also like to read the following articles:

Reset MySQL Root Password on Rocky Linux

Install Skype on Rocky Linux

Install Zoom Client on Rocky Linux

Choose Better OS: AlmaLinux vs Rocky Linux

Alternative Solutions for Managing FirewallD on Rocky Linux 8

While the GUI provides a user-friendly experience, alternative methods exist to manage FirewallD, offering different levels of control and automation. Here are two alternative solutions to How To Enable FirewallD GUI on Rocky Linux 8:

1. Using firewall-cmd Command-Line Tool

The firewall-cmd utility is a powerful command-line tool for managing FirewallD. It provides granular control over firewall rules, allowing you to add, remove, and modify rules with specific parameters. This method is ideal for scripting and automation.

Explanation:

firewall-cmd interacts directly with the FirewallD service. Changes made using this tool can be applied immediately or permanently. The --permanent option makes changes persistent across reboots. Some common commands include:

• firewall-cmd --get-active-zones: Displays the active zones.
• firewall-cmd --list-all: Lists all rules for the default zone.
• firewall-cmd --zone=<zone> --add-port=<port>/<protocol> --permanent: Adds a port to a specific zone permanently.
• firewall-cmd --reload: Reloads the firewall rules (required after making permanent changes).

Code Example:

To open port 8080 for TCP traffic permanently in the public zone:

sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
sudo firewall-cmd --reload

To remove the same rule:

sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent
sudo firewall-cmd --reload

This command-line interface allows for very precise control over the firewall, making it a useful tool for system administrators and those comfortable with the command line. Mastering firewall-cmd provides more flexibility than relying solely on the GUI. The command line is particularly useful when automating firewall configurations across multiple servers. The topic How To Enable FirewallD GUI on Rocky Linux 8 is important for beginners, but later on the command line will be extremely helpful.

2. Using Configuration Files Directly

FirewallD stores its configuration in XML files. While directly editing these files is generally discouraged due to the risk of syntax errors, understanding their structure and location can be helpful for advanced users. This method provides the deepest level of control but requires careful attention to detail.

Explanation:

FirewallD configuration files are located in two main directories:

• /usr/lib/firewalld/: Contains default configurations for zones, services, and ICMP types. Do not modify these files directly, as they can be overwritten during package updates.
• /etc/firewalld/: Contains user-defined and customized configurations. Files in this directory override the defaults.

Each zone, service, and ICMP type has its own XML file. For example, the configuration for the public zone is stored in /etc/firewalld/zones/public.xml (if customized; otherwise, the default is used).

Code Example:

To create a custom service definition, you would create an XML file in /etc/firewalld/services/. For example, to define a service called "my-app" that uses port 9000/tcp, you would create a file named my-app.xml with the following content:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>My App</short>
  <description>My application that uses port 9000.</description>
  <port protocol="tcp" port="9000"/>
</service>

After creating this file, you can then add this service to a zone using firewall-cmd:

sudo firewall-cmd --zone=public --add-service=my-app --permanent
sudo firewall-cmd --reload

Caution: Directly editing XML files requires careful attention to syntax. Ensure the XML is well-formed and valid before reloading FirewallD, as errors can prevent the firewall from starting correctly. Using xmllint to validate the XML before reloading FirewallD is highly recommended. While this method provides the most control, it also carries the highest risk of misconfiguration. The ability to How To Enable FirewallD GUI on Rocky Linux 8 offers an accessible start, this alternative is beneficial for automation using configuration management tools like Ansible or Chef.