Cyberithub

How to Install and Setup Firewalld GUI on Rocky Linux 8

In this article, I will take you through a step-by-step guide to install and set up the firewalld GUI on Rocky Linux 8. According to the official documentation, firewalld provides a dynamically managed firewall with support for network/firewall zones that define the trust level of network connections or interfaces. It supports IPv4 and IPv6 firewall settings, ethernet bridges and IP sets. Runtime and permanent configuration options are kept separate. It also provides an interface for services or applications to add firewall rules directly. Configuring firewalld through the command line can be tedious and prone to mistakes, so it is always better to use GUI mode to set up all the firewall rules.

Features 

  • Complete D-Bus API
  • IPv4, IPv6, bridge and ipset support
  • IPv4 and IPv6 NAT support
  • Firewall zones
  • Predefined list of zones, services and icmptypes
  • Simple service, port, protocol, source port, masquerading, port forwarding, icmp filter, rich rule, interface and source address handling in zones
  • Simple service definition with ports, protocols, source ports, modules (netfilter helpers) and destination address handling
  • Rich Language for more flexible and complex rules in zones
  • Timed firewall rules in zones
  • Simple log of denied packets
  • Direct interface
  • Lockdown: Whitelisting of applications that may modify the firewall
  • Automatic loading of Linux kernel modules
  • Integration with Puppet
  • Command line clients for online and offline configuration
  • Graphical configuration tool using gtk3
  • Applet using Qt4

Step 1: Prerequisites

a) You should have a running Rocky Linux 8 Server.

b) You should have sudo or root access to run privileged commands.

c) You should have the yum and rpm utilities available on your server.

 

Step 2: Update Your Server

It is always recommended to run an update with the yum update command before installing a new package. If any package needs to be upgraded, run yum upgrade as well to bring packages to the latest version.

[root@cyberithub ~]# yum update
Rocky Linux 8 - AppStream 2.9 kB/s | 4.8 kB 00:01
Rocky Linux 8 - AppStream 3.9 MB/s | 8.7 MB 00:02
Rocky Linux 8 - BaseOS 2.6 kB/s | 4.3 kB 00:01
Rocky Linux 8 - BaseOS 1.0 MB/s | 4.6 MB 00:04
Rocky Linux 8 - Extras 3.7 kB/s | 3.5 kB 00:00
Rocky Linux 8 - Extras 9.3 kB/s | 10 kB 00:01
Docker CE Stable - x86_64 21 kB/s | 3.5 kB 00:00
Docker main Repository 0.0 B/s | 0 B 00:00
.........................................................

 

Step 3: Install Firewalld

The next step is to install the firewalld package by using the yum install firewall-config command as shown below. This will install the package along with all the required dependencies.

[root@cyberithub ~]# yum install firewall-config
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink                                                                                                             |  32 kB  00:00:00    
 * base: ftp.funet.fi
 * centos-qemu-ev: ftp.funet.fi
 * epel: www.nic.funet.fi
 * extras: ftp.funet.fi
 * updates: ftp.funet.fi
base                                                                                                                             | 3.6 kB  00:00:00    
centos-ceph-luminous                                                                                                             | 3.0 kB  00:00:00    
centos-openstack-rocky                                                                                                           | 3.0 kB  00:00:00    
centos-qemu-ev                                                                                                                   | 3.0 kB  00:00:00    
docker-ce-stable                                                                                                                 | 3.5 kB  00:00:00    
epel                                                                                                                             | 4.7 kB  00:00:00    
Installed:
firewall-config.noarch 0:0.6.3-13.el7_9                                                                                                               
Dependency Installed:
adwaita-cursor-theme.noarch 0:3.28.0-1.el7 adwaita-icon-theme.noarch 0:3.28.0-1.el7 at-spi2-atk.x86_64 0:2.26.2-1.el7           
at-spi2-core.x86_64 0:2.28.0-1.el7 cairo-gobject.x86_64 0:1.15.12-4.el7 colord-libs.x86_64 0:1.3.4-2.el7 dbus-x11.x86_64 1:1.10.24-15.el7 dconf.x86_64 0:0.28.0-4.el7 glib-networking.x86_64 0:2.56.1-1.el7       
gnutls.x86_64 0:3.3.29-9.el7_6 gsettings-desktop-schemas.x86_64 0:3.28.0-3.el7 gtk3.x86_64 0:3.22.30-6.el7 json-glib.x86_64 0:1.4.2-2.el7 lcms2.x86_64 0:2.6-3.el7 libXmu.x86_64 0:1.1.2-2.el7 libXt.x86_64 0:1.1.5-3.el7 libXxf86misc.x86_64 0:1.0.3-7.1.el7 libepoxy.x86_64 0:1.5.2-1.el7               
libgusb.x86_64 0:0.2.9-1.el7 libmodman.x86_64 0:2.0.1-8.el7 libproxy.x86_64 0:0.4.11-11.el7 libsoup.x86_64 0:2.62.2-2.el7 libusbx.x86_64 0:1.0.21-1.el7 libwayland-cursor.x86_64 0:1.15.0-1.el7     
libwayland-egl.x86_64 0:1.15.0-1.el7 libxkbcommon.x86_64 0:0.7.1-3.el7 nettle.x86_64 0:2.7.1-9.el7_9 rest.x86_64 0:0.8.1-2.el7 trousers.x86_64 0:0.3.14-2.el7 xkeyboard-config.noarch 0:2.24-1.el7        
xorg-x11-server-utils.x86_64 0:7.7-20.el7 xorg-x11-xauth.x86_64 1:1.0.9-1.el7 xorg-x11-xinit.x86_64 0:1.3.4-2.el7         

Dependency Updated:
dbus.x86_64 1:1.10.24-15.el7 dbus-libs.x86_64 1:1.10.24-15.el7 firewalld.noarch 0:0.6.3-13.el7_9         
firewalld-filesystem.noarch 0:0.6.3-13.el7_9  python-firewall.noarch 0:0.6.3-13.el7_9         
Complete!

 

Step 4: Verify Installed RPM

Once it has installed successfully, you can verify the package by using the rpm -qa | grep firewall command as shown below.

[root@cyberithub ~]# rpm -qa | grep firewall
firewalld-filesystem-0.6.3-13.el7_9.noarch
python-firewall-0.6.3-13.el7_9.noarch
firewalld-0.6.3-13.el7_9.noarch
firewall-config-0.6.3-13.el7_9.noarch

 

Step 5: Setup Firewalld

Once the RPM is installed, click on Activities and search for firewall in the Search box. Once Firewall appears in the results, click on it to open it.

It might ask you for a password to authenticate. Once authenticated, it will take you to the Firewall Configuration screen where you can see the current default settings.

Now that we have the setup, we will walk through a few rule creations to get familiar with how the tool works. We will create 2 rules in this tutorial for the demonstration: one to create a new zone and another to add interfaces to the newly created zone.

a) Create new zones

Select the Configuration as “Permanent”.

Click on “Add Zone” option.

Enter the new zone name and uncheck Target to customize the value. In my case, I have selected DROP as the target. Click on OK once done.

Then click on Reload Firewalld to apply the changes.

Next, click on the “Change Default Zone” option to make the newly created zone the default. Then select the new zone and click OK.

Reload firewalld again to apply the changes permanently, as we did above. You will now see that the default zone has been changed to “New_Zone”.

 

b) Add interfaces to Zone

Next, we will add interfaces to the newly created zone. By default, there won’t be any interfaces added to this zone.

To see the existing network interfaces on your machine, open the terminal and execute “ip a” to list all the interfaces. Click on the “Add” button to add the interface.

Enter the interface name. I am adding the loopback (lo) interface to the zone. This might be different for you. You may want to add eth0 or enp0s3 or some other interface depending on your requirements. Once done, click on OK.

Reload firewalld to apply the changes permanently. We can see that the “lo” interface has been added to the “New_Zone” zone.

Similarly, we can add any number of interfaces to a zone. We can also edit or remove interfaces from a zone using the options available. We can add any number of firewalld rules using the GUI, such as adding services, applying ICMP types, rich rules, direct rules and many more. Demonstrating each rule is beyond the scope of this tutorial, but the above demonstration should give you a fair idea of how to use the GUI to create and apply the required rules.

Good to Know

All the firewalld configuration and related information is stored on the server under the path /etc/firewalld.

[root@cyberithub ~]# cd /etc/firewalld
[root@cyberithub firewalld]# ls
firewalld.conf  helpers  icmptypes  ipsets  lockdown-whitelist.xml  services  zones

We can view the zones inside the zones directory. Similarly, if we have services applied, we can view them inside the services directory. We can also see all the direct rules applied in the file “direct.xml”, which gets created in the same directory.
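
Because the GUI writes each permanent zone to an XML file in the zones directory, those files can be reviewed after a change. The following is an added example, not part of the original tutorial or of firewalld itself: it parses a zone file and flags settings worth a second look, such as an active DROP zone that does not allow SSH. The sample XML is constructed to match the zone built above, the function names are hypothetical, and the SSH check assumes the default port 22/tcp.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the on-disk form expected for the zone built in this
# tutorial (target DROP, interface lo, no services). Not copied from a real host.
SAMPLE_ZONE_XML = """<?xml version="1.0" encoding="utf-8"?>
<zone target="DROP">
  <short>New_Zone</short>
  <interface name="lo"/>
</zone>
"""

RESTRICTIVE_TARGETS = {"DROP", "%%REJECT%%"}  # targets that refuse unmatched traffic


def parse_zone(xml_text):
    """Extract the security-relevant settings from one firewalld zone file."""
    root = ET.fromstring(xml_text)
    if root.tag != "zone":
        raise ValueError("not a firewalld zone file")
    return {
        "target": root.get("target", "default"),
        "interfaces": [e.get("name") for e in root.findall("interface")],
        "sources": [e.get("address") or e.get("ipset") or e.get("mac")
                    for e in root.findall("source")],
        "services": [e.get("name") for e in root.findall("service")],
        "ports": [f"{e.get('port')}/{e.get('protocol')}" for e in root.findall("port")],
        "rich_rules": len(root.findall("rule")),
    }


def audit_zone(name, zone, is_default=False):
    """Return human-readable findings for one parsed zone."""
    findings = []
    active = is_default or zone["interfaces"] or zone["sources"]
    allows_ssh = "ssh" in zone["services"] or "22/tcp" in zone["ports"]  # assumes port 22
    if not active:
        findings.append(f"{name}: not default and nothing bound, zone has no effect")
    elif zone["target"] in RESTRICTIVE_TARGETS and not allows_ssh:
        note = "; review rich rules by hand" if zone["rich_rules"] else ""
        findings.append(f"{name}: target {zone['target']} without ssh service or "
                        f"22/tcp, new inbound SSH is refused{note}")
    elif zone["target"] == "ACCEPT":
        findings.append(f"{name}: target ACCEPT admits all unmatched inbound traffic")
    return findings


if __name__ == "__main__":
    for line in audit_zone("New_Zone", parse_zone(SAMPLE_ZONE_XML), is_default=True):
        print(line)
```

On a real host, pass the contents of a file from the zones directory under /etc/firewalld to parse_zone instead of the sample string.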
