How to configure additional firewall rules on rocky linux vps
Learn how to configure additional firewall rules on rocky linux vps for improved server security.

This article provides a guide for how to configure additional firewall rules on Rocky Linux VPS for improved security of your system.

How to Configure Additional Firewall Rules on Rocky Linux VPS

This tutorial will guide you through the process of configuring additional firewall rules on a Rocky Linux VPS using firewalld. Firewalld is the default firewall management tool on many RHEL-based distributions like Rocky Linux.

Prerequisites

  • You need access to your Rocky Linux VPS with root privileges.
  • A basic understanding of Linux command line.
  • A basic understanding of firewall rules and network ports.
Launch 100% ssd rocky linux vps from $2. 49/mo!
Launch a rocky linux vps with 100% ssd from $2. 49/mo!
  1. Connect to Your VPS

    First, you need to connect to your VPS via SSH. Open your terminal and use the following command:

    ssh root@your_vps_ip_address

    Replace your_vps_ip_address with the actual IP address of your VPS.

  2. Check the Status of firewalld

    Once logged in, check the status of firewalld to ensure it is running:

    systemctl status firewalld

    If firewalld is not running, you can start it with:

    systemctl start firewalld

    To ensure it starts automatically on boot, enable it with:

    systemctl enable firewalld
  3. List Existing Firewall Rules

    Before adding new rules, it’s a good practice to check the current firewall rules:

    firewall-cmd --list-all

    This command shows all the rules for the active zone, typically public.

  4. Adding a New Firewall Rule

    1. Allowing a Specific Port

      To allow traffic on a specific port (e.g., HTTP on port 80), use:

      firewall-cmd --zone=public --add-port=80/tcp --permanent
      

      Here’s a breakdown:

      • --zone=public: Specifies the zone you want to add the rule to. public is the default zone.
      • --add-port=80/tcp: Opens port 80 for TCP traffic.
      • --permanent: Ensures the rule persists after a reboot. Without this, the rule is only temporary.
    2. Allowing a Service

      You can also allow services by name, which automatically opens the necessary ports. For example, to allow SSH:

      firewall-cmd --zone=public --add-service=ssh --permanent
    3. Allowing IP Address

      To allow traffic from a specific IP address, use:

      firewall-cmd --zone=public --add-source=192.168.1.100 --permanent

      Replace 192.168.1.100 with the IP address you want to allow.

  5. Reload the Firewall

    After adding your rules, reload firewalld to apply the changes:

    firewall-cmd --reload
  6. Verify the New Rules

    To confirm that your new rules have been applied, list the active rules again:

    firewall-cmd --list-all
  7. Removing a Firewall Rule

    If you need to remove a firewall rule, the process is similar to adding one but with the --remove option.

    1. Removing a Port

      To remove a rule that opens a port:

      firewall-cmd --zone=public --remove-port=80/tcp --permanent
    2. Removing a Service

      To remove a service:

      firewall-cmd --zone=public --remove-service=ssh --permanent
    3. Removing an IP Address

      To remove an IP address:

      firewall-cmd --zone=public --remove-source=192.168.1.100 --permanent

      After removing the rules, don’t forget to reload the firewall:

      firewall-cmd --reload
  8. Advanced Firewall Rules (Optional)

    1. Rich Rules

      For more granular control, you can use rich rules. For example, to allow SSH from a specific IP:

      firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.100" service name="ssh" accept' --permanent
    2. Blocking an IP Address

      To block an IP address:

      firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.100" drop' --permanent
  9. Backup and Restore Firewall Rules (Recommended)

    To back up your firewall rules:

    firewall-cmd --runtime-to-permanent firewall-cmd --permanent --list-all > /etc/firewalld/rules.backup

    To restore from a backup:

    firewall-cmd --permanent --new-config=rules.backup firewall-cmd --reload
Launch 100% ssd rocky linux vps from $2. 49/mo!
Launch a rocky linux vps with 100% ssd from $2. 49/mo!

Conclusion

You now know how to configure additional firewall rules on Rocky Linux VPS. Regularly review and update your firewall rules to ensure your server remains secure.

This process can be repeated for any additional ports, services, or IP addresses you need to manage on your VPS. Remember that improper firewall rules can lock you out of your server, so always double-check your rules before applying them, especially when working with SSH.

Further Reading:

Avatar of editorial staff

Editorial Staff

Rad Web Hosting is a leading provider of web hosting, Cloud VPS, and Dedicated Servers in Dallas, TX.

One thought on “How to Configure Additional Firewall Rules on Rocky Linux VPS

  1. […] wish to further secure your setup, consider using SSH keys instead of password authentication and implementing additional firewall rules on your […]

Comments are closed.

lg