How to allow port through firewall on AlmaLinux

firewalld is the default firewall program that comes pre-installed on Red Hat Enterprise Linux and its derivative Linux distributions, such as AlmaLinux.

By default, the firewall is turned on, meaning that a very limited number of services are able to receive incoming traffic. This is a nice security feature, but it means that the user must be knowledgeable enough to configure the firewall whenever they install a new service on the system, like HTTPD or SSH for example. Otherwise, connections from the internet can’t reach these services.

Rather than disabling the firewall on AlmaLinux entirely, we can allow certain ports through the firewall, which lets incoming connections reach our services. In this guide, we’ll see how to allow a port through the firewall on AlmaLinux. Feel free to follow along whether you’ve freshly installed AlmaLinux or migrated from CentOS to AlmaLinux.

In this tutorial you will learn:

  • How to allow a port or service through the firewall on AlmaLinux
  • How to reload the firewall for changes to take effect
  • How to check what ports and services are open in the firewall
  • How to close a port after having it configured as open
  • Command examples for allowing the most common ports through firewall
Allowing a port through the firewall on AlmaLinux


Software Requirements and Linux Command Line Conventions

| Category | Requirements, Conventions or Software Version Used |
| --- | --- |
| System | AlmaLinux |
| Software | firewalld |
| Other | Privileged access to your Linux system as root or via the sudo command. |
| Conventions | # – requires given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command; $ – requires given Linux commands to be executed as a regular non-privileged user |

How to allow a port through firewall on AlmaLinux

Follow the step by step instructions below to allow ports or services through firewalld on AlmaLinux. You’ll also see how to check the open ports that firewalld has configured.

  1. When checking for open firewall ports on RHEL 8 / CentOS 8 Linux, it is important to know that firewall ports can be opened in two main ways. Firstly, a firewall port can be opened as part of a pre-configured service. Take this example, where we open the port for HTTP in the public zone.
    # firewall-cmd --zone=public --add-service=http --permanent
    

    Of course, adding the HTTP service to firewalld is the equivalent of opening port 80.



  2. Secondly, ports can be opened directly by number, as custom user-defined ports. Take this example, where we open port 8080.
    # firewall-cmd --zone=public --add-port=8080/tcp --permanent
    

    Since 8080 doesn’t have an associated service, it’s necessary for us to specify the port number rather than a service name if we want to open this port.

  3. To check which service ports are open, execute the following command.
    # firewall-cmd --zone=public --list-services
    cockpit dhcpv6-client http https ssh
    

    The above services (Cockpit, DHCPv6 client, HTTP, HTTPS, and SSH) have their relevant port numbers open.

  4. To check which port numbers are open, use this command.
    # firewall-cmd --zone=public --list-ports
    20/tcp 8080/tcp
    

    The above ports, 20 and 8080, are open to incoming traffic.

  5. After you’ve allowed your ports and services through the firewall, you’ll need to reload firewalld for the changes to take effect. On reload, all rules added with the --permanent option become part of the runtime configuration, and rules added without this option are discarded.
    # firewall-cmd --reload
    
  6. We can also see a list of all open services and ports by using the --list-all option.
    # firewall-cmd --list-all
    public (active)
      target: default
      icmp-block-inversion: no
      interfaces: ens160
      sources: 
      services: cockpit dhcpv6-client http ssh
      ports: 443/tcp
      protocols: 
      masquerade: no
      forward-ports: 
      source-ports: 
      icmp-blocks: 
      rich rules:
    


  7. Note that firewalld works with zones. Depending on which zone your network interfaces are using, you may need to add your allowed port to that particular zone. The first step above shows how to add a rule to the “public” zone. To see the rules for that zone specifically, continue using the --zone= syntax.
    # firewall-cmd --list-all --zone=public
    public (active)
      target: default
      icmp-block-inversion: no
      interfaces: ens160
      sources: 
      services: cockpit dhcpv6-client http ssh
      ports: 443/tcp
      protocols: 
      masquerade: no
      forward-ports: 
      source-ports: 
      icmp-blocks: 
      rich rules:
    
  8. In case you need to close one of the previously configured open ports, you can use the following command syntax. In this example, we close the port for HTTPS.
    # firewall-cmd --zone=public --permanent --remove-service=https
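
Step 5 means the runtime and permanent configurations can differ until firewalld is reloaded. The script below is an added example, not part of the original guide: it compares the text of `firewall-cmd --list-all` with that of `firewall-cmd --permanent --list-all` for a single zone and reports entries present in only one of them. The function names `fw_field` and `fw_drift` are hypothetical, and the sample output is constructed.

```sh
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent config.
# Inputs are the text of `firewall-cmd --list-all` and
# `firewall-cmd --permanent --list-all` for one zone.

# fw_field TEXT FIELD: print the entries of "services" or "ports", one per line.
fw_field() {
    printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" |
        tr -s ' ' '\n' | sed '/^$/d' | sort -u
}

# fw_drift RUNTIME PERMANENT: print each mismatch; return 1 if any was found.
fw_drift() {
    drift=0
    for field in services ports; do
        rt=$(fw_field "$1" "$field")
        pm=$(fw_field "$2" "$field")
        for e in $rt; do   # active now, but discarded by --reload
            printf '%s\n' "$pm" | grep -qxF -- "$e" ||
                { echo "runtime-only $field: $e"; drift=1; }
        done
        for e in $pm; do   # saved, but not active until --reload
            printf '%s\n' "$rt" | grep -qxF -- "$e" ||
                { echo "permanent-only $field: $e"; drift=1; }
        done
    done
    return "$drift"
}

# Constructed sample output (layout follows the --list-all output above).
RUNTIME_SAMPLE='public (active)
  target: default
  interfaces: ens160
  services: cockpit dhcpv6-client ssh
  ports: 9090/tcp
  forward-ports: '
PERMANENT_SAMPLE='public
  target: default
  services: cockpit dhcpv6-client http ssh
  ports: 8080/tcp
  forward-ports: '

fw_drift "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE" || true
# On a live host (as root):
#   fw_drift "$(firewall-cmd --list-all)" "$(firewall-cmd --permanent --list-all)"
```

A runtime-only entry is an opening that was made without --permanent and will disappear on the next reload; a permanent-only entry, such as a service just added or removed with --permanent, has not taken effect yet.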
    

That’s all there is to it. To learn more about firewalld and the firewall-cmd Linux command, check out our dedicated guide on introduction to firewalld and firewall-cmd.

Common Port Examples

Use the commands below as an easy reference guide to allow some of the most common services through the firewall on AlmaLinux.

  1. Allow HTTP through firewall.
    # firewall-cmd --zone=public --add-service=http --permanent
    
  2. Allow HTTPS through firewall.
    # firewall-cmd --zone=public --add-service=https --permanent
    
  3. Allow MySQL through firewall.
    # firewall-cmd --zone=public --add-service=mysql --permanent
    
  4. Allow SSH through firewall.
    # firewall-cmd --zone=public --add-service=ssh --permanent
    


  5. Allow DNS through firewall.
    # firewall-cmd --zone=public --add-service=dns --permanent
    
  6. Allow PostgreSQL through firewall.
    # firewall-cmd --zone=public --add-service=postgresql --permanent
    
  7. Allow telnet through firewall. Telnet sends logins and session data unencrypted, so prefer SSH where the service allows it.
    # firewall-cmd --zone=public --add-service=telnet --permanent
    

Closing Thoughts

In this guide, we saw how to allow a port or service through the firewall on AlmaLinux. This involved using the firewall-cmd command associated with firewalld, which makes the process easy once we know the correct syntax to use. We also saw multiple examples for allowing many of the most common services through the firewall. Remember to pay special attention to what zone you apply your new rules to.