How to Open and Close Ports on AlmaLinux: A Comprehensive Guide

As an AlmaLinux server administrator, managing network ports is crucial for ensuring the security and smooth operation of your services. Several firewall management tools can be used on AlmaLinux, such as FirewallD, Iptables, and ConfigServer Security & Firewall (CSF). In this comprehensive guide, we’ll walk you through the steps to open and close ports using these firewall solutions on AlmaLinux.

FirewallD

FirewallD is the default firewall management tool in AlmaLinux. It is a dynamic firewall daemon that uses the concept of zones and services to define the trust level and permissions for network traffic.

Opening Ports with FirewallD

To open a port using FirewallD on AlmaLinux:

  1. Check the status of FirewallD to ensure it’s running:
    sudo systemctl status firewalld
  2. To open a specific port, use the firewall-cmd command with the --add-port option. For example, to open port 80 for HTTP traffic:
    sudo firewall-cmd --zone=public --add-port=80/tcp --permanent

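    Here, --zone=public specifies the zone to apply the rule, --add-port=80/tcp opens port 80 for TCP traffic, and --permanent writes the rule to the permanent configuration so that it persists across reboots. A permanent rule does not take effect in the running firewall until the reload in the next step.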

  3. Reload the firewall to apply the changes:
    sudo firewall-cmd --reload

Closing Ports with FirewallD

To close a previously opened port using FirewallD on AlmaLinux:

  1. Use the firewall-cmd command with the --remove-port option. For example, to close port 80:
    sudo firewall-cmd --zone=public --remove-port=80/tcp --permanent
  2. Reload the firewall to apply the changes:
    sudo firewall-cmd --reload

Iptables

Iptables is a command-line firewall utility that is available on AlmaLinux. It provides a way to configure firewall rules directly using iptables commands.

Opening Ports with Iptables

To open a port using Iptables on AlmaLinux:

  1. Use the iptables command with the -I option to insert a rule at the top of the chain. For example, to open port 22 for SSH:
    sudo iptables -I INPUT -p tcp --dport 22 -j ACCEPT

    Here, -I INPUT specifies the chain to modify, -p tcp indicates the protocol, --dport 22 specifies the destination port, and -j ACCEPT allows the traffic.

  2. Save the changes to make them persistent across reboots (the save action is provided by the iptables-services package, which must be installed):
    sudo service iptables save

Closing Ports with Iptables

To close a port using Iptables on AlmaLinux:

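  1. Use the iptables command with the -I option and the REJECT target. Because -I inserts the rule at the top of the chain, it is evaluated before any ACCEPT rule added earlier for the same port. Rejecting port 22 also cuts off any SSH session you are using to administer the server, so make sure you have console access first. For example, to close port 22: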
    sudo iptables -I INPUT -p tcp --dport 22 -j REJECT
  2. Save the changes as described in the previous section.

ConfigServer Security & Firewall (CSF)

CSF is a popular firewall solution that can be installed on AlmaLinux servers. It provides an easy-to-use web interface and command-line tools to manage firewall rules.

Installing CSF on AlmaLinux

To install CSF on AlmaLinux:

  1. Download the CSF installation script:
    sudo wget https://download.configserver.com/csf.tgz
  2. Extract the downloaded archive:
    sudo tar -xzf csf.tgz
  3. Change to the CSF directory and run the installation script:
    cd csf
    sudo sh install.sh
  4. Once the installation is complete, configure CSF by editing the configuration file /etc/csf/csf.conf according to your requirements.

Opening Ports with CSF

To open a port using CSF on AlmaLinux:

  1. Edit the CSF configuration file /etc/csf/csf.conf using a text editor:
    sudo nano /etc/csf/csf.conf
  2. Locate the TCP_IN and TCP_OUT directives in the configuration file and add the port numbers you want to open. For example:
    TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
    TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873"
  3. Save the changes and exit the text editor.
  4. Restart the CSF firewall:
    sudo systemctl restart csf

Closing Ports with CSF

To close a port using CSF on AlmaLinux:

  1. Edit the CSF configuration file /etc/csf/csf.conf and remove the port numbers you want to close from the TCP_IN and TCP_OUT directives.
  2. Save the changes and restart the CSF firewall as described in the previous section.
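
The edit described above, as an added example that is not part of the original guide or of CSF itself: a shell function that removes exactly one port from a csf.conf directive and leaves look-alike entries such as 8080 or a port range untouched. The function name csf_remove_port and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example. SAMPLE_CONF is a constructed stand-in for /etc/csf/csf.conf.
SAMPLE_CONF='# Allow incoming TCP ports
TCP_IN = "20,21,22,80,443,8080,30000:35000"
TCP_OUT = "20,21,22,25,53,80,443"'

# csf_remove_port DIRECTIVE PORT
# Reads a csf.conf on stdin and prints it with PORT removed from DIRECTIVE.
# Entries are compared whole, so removing 80 never alters 8080 or a range.
csf_remove_port() {
    awk -v key="$1" -v port="$2" '
        $1 == key && $2 == "=" {
            list = $0
            sub(/^[^"]*"/, "", list)    # drop everything up to the opening quote
            sub(/".*$/, "", list)       # drop the closing quote and what follows
            n = split(list, items, ",")
            out = ""
            for (i = 1; i <= n; i++)
                if (items[i] != port)
                    out = out (out == "" ? "" : ",") items[i]
            print key " = \"" out "\""
            next
        }
        { print }                       # every other line passes through unchanged
    '
}

# Close inbound port 80 in the sample; TCP_OUT keeps its own port 80 entry.
printf '%s\n' "$SAMPLE_CONF" | csf_remove_port TCP_IN 80
```

On a real server, write the output to a new file, compare it with /etc/csf/csf.conf using diff, and only then replace the file and restart CSF.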

Checking Open Ports with Netstat

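In addition to managing ports using firewall tools, you can also check which ports have a process listening on them on your AlmaLinux server using the netstat command (part of the net-tools package). This is useful for deciding which firewall openings are actually needed and for troubleshooting network issues. Keep in mind that netstat reports listening sockets, not firewall state: a port is reachable from the network only when a service is listening on it and the firewall allows the traffic.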

To list all open ports and the processes listening on them, run the following command:

sudo netstat -tunlp

This command will display output similar to the following example:

[Screenshot: sample output of sudo netstat -tunlp]

In this example output:

  • Proto shows the protocol (TCP or UDP).
  • Local Address displays the IP address and port number the process is listening on.
  • Foreign Address shows the remote IP address and port number (if applicable).
  • State indicates the current state of the connection.
  • PID/Program name shows the process ID and name of the program listening on the port.

Here, you can see that port 22 (SSH) and port 80 (HTTP) are open and listening for incoming connections.

The netstat command can be a valuable tool for quickly checking which ports are open on your AlmaLinux server, complementing the firewall management tools covered earlier in this guide.
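
To combine the two views, the following added example (not part of the original guide) compares netstat -tunlp output with the port list from firewall-cmd --list-ports and reports firewall openings that have no listener, as well as external listeners whose port is not opened. The function names and both sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example. The sample data is constructed; on a live host pass in
#   "$(sudo netstat -tunlp)"  and  "$(sudo firewall-cmd --zone=public --list-ports)"
# Only --list-ports is compared: ports opened through a firewalld service
# (--list-services) are not covered here.

SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  912/sshd
tcp        0      0 127.0.0.1:25     0.0.0.0:*        LISTEN  1101/master
tcp        0      0 0.0.0.0:3306     0.0.0.0:*        LISTEN  1500/mysqld
tcp6       0      0 :::80            :::*             LISTEN  1320/httpd
udp        0      0 127.0.0.1:323    0.0.0.0:*                870/chronyd'
SAMPLE_FW_PORTS='22/tcp 80/tcp 8080/tcp'

# Print "port/proto" for every socket bound to a non-loopback address.
external_listeners() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^(tcp|udp)6?$/ {
            port = $4; sub(/^.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[0-9]+$/, "", host)   # text before it
            if (host ~ /^127\./ || host == "::1") next
            proto = $1; sub(/6$/, "", proto)       # tcp6 -> tcp
            print port "/" proto
        }' | LC_ALL=C sort -u
}

# Opened in the firewall but nothing is listening: candidates for --remove-port.
stale_openings() {        # $1 = netstat output, $2 = --list-ports output
    listeners=$(external_listeners "$1")
    for p in $2; do
        printf '%s\n' "$listeners" | grep -qxF "$p" || printf '%s\n' "$p"
    done
}

# Listening on an external address but not opened by port in the firewall.
unopened_listeners() {    # same arguments as stale_openings
    for p in $(external_listeners "$1"); do
        printf '%s\n' $2 | grep -qxF "$p" || printf '%s\n' "$p"
    done
}

echo "Open in firewall, no listener: $(stale_openings "$SAMPLE_NETSTAT" "$SAMPLE_FW_PORTS")"
echo "Listening, port not opened:    $(unopened_listeners "$SAMPLE_NETSTAT" "$SAMPLE_FW_PORTS")"
```

In the sample, 8080/tcp is an opening with nothing behind it and can be closed, while mysqld on 3306 listens on all interfaces but is not opened by port.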

Conclusion

Managing ports on AlmaLinux servers is essential for securing your server and enabling access to your services. With FirewallD, Iptables, and CSF, you have powerful tools at your disposal to control the incoming and outgoing network traffic on AlmaLinux.

Remember to carefully consider which ports to open and close based on your specific requirements and security best practices. Regularly review and update your firewall rules to maintain a robust security posture for your AlmaLinux server.