Install FirewallD GUI on AlmaLinux 8 with Easy Steps

By Posted on

Install FirewallD GUI on AlmaLinux 8 with Easy Steps

This tutorial aims to guide you on how to Install FirewallD GUI on AlmaLinux 8. Firewalld is a dynamic firewall management tool that’s a staple in many Linux distributions, including AlmaLinux, CentOS, RHEL, Fedora, Ubuntu, and Debian. It serves as a user-friendly frontend for the powerful, yet sometimes complex, iptables filtering system provided by the Linux kernel. Its protocol-agnostic nature is a key advantage, offering seamless support for IPv4, IPv6, ethernet bridges, and IP sets.

firewall-config is the graphical interface we’ll be focusing on. It offers a point-and-click method to manage your firewall, a welcome alternative to command-line interactions. In a standard desktop environment, such as Gnome, it is often installed in conjunction with firewalld.

Let’s dive into the steps necessary to Install FirewallD GUI on AlmaLinux 8.

Before we begin, ensure you’re logged into your AlmaLinux 8 server as a non-root user with sudo privileges. If you haven’t already configured this, refer to our guide, the Initial Server Setup with AlmaLinux 8, for detailed instructions.

1. Install FirewallD on AlmaLinux 8

First, update your local package index to ensure you have the latest package information:

sudo dnf update -y

If Firewalld isn’t already present on your system, proceed with the installation:

sudo dnf install firewalld -y

Once the installation is complete, start and enable the Firewalld service using the following commands:

# sudo systemctl start firewalld
# sudo systemctl enable firewalld

Confirm that the FirewallD service is active and running:

sudo systemctl status firewalld
firewalld status AlmaLinux 8

2. Install firewall-config GUI on AlmaLinux 8

With Firewalld installed, we can now install its graphical user interface. The necessary packages are readily available in the default AlmaLinux repository.

Execute the following command to Install FirewallD GUI on AlmaLinux 8:

sudo dnf install firewall-config -y

Note: If you’re using the KDE desktop environment, you can also opt for the Plasma Control panel integration:

sudo dnf install plasma-firewall-firewalld

3. Launch FirewallD GUI

You can now visually manage your firewall’s ports and services using the newly installed GUI.

Locate the "FirewallD" application within your Application launcher.

Upon launching, you’ll be greeted with the FirewallD configuration interface:

Firewalld configuration

4. Remove FirewallD GUI Tool

Should you decide to remove the firewall GUI tool, you can easily do so using the DNF package manager:

sudo dnf remove firewall-config

That concludes the primary method for Install FirewallD GUI on AlmaLinux 8.

Conclusion

This tutorial covered the process to Install FirewallD GUI on AlmaLinux 8. Using the Firewall-config GUI on AlmaLinux 8 offers a user-friendly approach to managing firewall settings. It simplifies the configuration of zones, services, ports, and network connections, making firewall management more accessible.

We hope you found this guide helpful! Please subscribe to us on Facebook, YouTube, and Twitter.

You may also like these articles too:

Install PHP 7.4 on AlmaLinux 8

Install and Configure Nextcloud on AlmaLinux 8

Set up Cockpit on AlmaLinux 8

Explore Difference Between SSH and Telnet

Install Rootkit Hunter in Linux

Install and Configure Chrony in Linux

Work with the Dig Command on Linux

Install Grafana on AlmaLinux 8

Install and Configure GlassFish on AlmaLinux 8

Install and Configure an SVN Server on AlmaLinux 8

FAQs

What is Firewall-config GUI?

Firewall-config GUI is a graphical tool for managing firewall settings in AlmaLinux 8, allowing users to configure zones, services, ports, and network connections easily.

What can I configure using Firewall-config GUI?

You can configure firewall zones, add or remove services and ports, manage network interfaces, and enable or disable specific firewall rules.

Is Firewall-config GUI better than using the command line?

It depends on your preference. The GUI is easier for beginners, while the command-line interface (CLI) provides more flexibility and automation options.

Alternative Solutions for Managing Firewalld on AlmaLinux 8

While the GUI provides a convenient visual interface, alternative methods exist for managing Firewalld, particularly useful for automation or when a GUI isn’t available. Here are two such alternatives:

1. Command-Line Interface (CLI) using firewall-cmd

The firewall-cmd utility is the primary command-line tool for interacting with Firewalld. It offers granular control over zones, services, ports, and other firewall aspects. This method is ideal for scripting and remote server management.

Explanation:

firewall-cmd allows you to make persistent or runtime changes to your firewall configuration. Persistent changes survive reboots, while runtime changes are temporary. Understanding zones is crucial. A zone represents a level of trust for network connections (e.g., public, private, trusted). You assign network interfaces to zones, and the firewall rules for that zone apply to traffic on those interfaces.

Example:

To permanently allow HTTP traffic (port 80) through the public zone:

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload
  • --permanent: Indicates the change should be permanent and survive reboots.
  • --zone=public: Specifies the zone to apply the rule to.
  • --add-service=http: Adds the predefined http service (which includes port 80). You can also use --add-port=80/tcp to specify the port directly.
  • --reload: Reloads the firewall configuration, applying the permanent changes. Without reloading, the changes will not take effect until the next reboot.

To list all rules in the public zone:

sudo firewall-cmd --list-all --zone=public

This outputs all the enabled services, ports, and other settings for the specified zone.

Case Study:

Imagine you need to automate the setup of a web server on multiple AlmaLinux 8 instances. Using firewall-cmd within a script, you can easily configure the firewall to allow HTTP and HTTPS traffic:

#!/bin/bash

# Script to configure Firewalld for a web server

echo "Configuring Firewalld..."

# Allow HTTP and HTTPS services in the public zone
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https

# Reload Firewalld to apply the changes
sudo firewall-cmd --reload

echo "Firewalld configuration complete."

This script can be deployed and executed on each server, ensuring consistent firewall settings.

2. Directly Editing Firewalld Configuration Files

Firewalld stores its configuration in XML files located in /etc/firewalld/zones/ (for zone definitions) and /etc/firewalld/services/ (for service definitions). While not recommended for beginners due to the risk of syntax errors, directly editing these files provides the ultimate level of control and customization.

Explanation:

Each zone is defined in an XML file with a name corresponding to the zone (e.g., public.xml). These files contain details about allowed services, ports, masquerading, and other firewall settings. Similarly, service definitions specify the ports and protocols associated with a particular service.

Example:

Let’s say you need to create a custom service definition for a specific application that uses port 12345/tcp. You can create a file named /etc/firewalld/services/my-app.xml with the following content:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>My Application</short>
  <description>This service allows traffic for my custom application.</description>
  <port protocol="tcp" port="12345"/>
</service>

Then, you can add this service to a zone using firewall-cmd:

sudo firewall-cmd --permanent --zone=public --add-service=my-app
sudo firewall-cmd --reload

Case Study:

Consider a scenario where you need to configure a complex firewall rule involving rich rules (more advanced firewall rules with specific source/destination IP addresses). While firewall-cmd supports rich rules, directly editing the zone configuration file can provide a more readable and manageable approach for complex rulesets.

For instance, to allow traffic from only the IP address 192.168.1.10 to port 22 (SSH) in the public zone, you can add the following rich rule to the public.xml file:

<rule family="ipv4">
  <source address="192.168.1.10"/>
  <port port="22" protocol="tcp"/>
  <accept/>
</rule>

After modifying the public.xml file, reload Firewalld:

sudo firewall-cmd --reload

Important Considerations:

  • Syntax Errors: When editing XML files directly, ensure the syntax is correct. Incorrect syntax can prevent Firewalld from starting. Use an XML validator to check for errors.
  • Backup: Always back up your configuration files before making any changes.
  • Reload: Remember to reload Firewalld after making changes to the configuration files.

By understanding these alternative methods, you gain greater flexibility and control over your Firewalld configuration on AlmaLinux 8, allowing you to adapt your firewall management strategy to different situations and requirements.

Related posts: