What this is
firewalld is a dynamic firewall manager commonly used on CentOS/RHEL/Rocky/AlmaLinux. It manages rules using zones and services.
What it is for
- Control which inbound ports are open
- Apply rules permanently and safely
- Reduce unwanted traffic to your VPS
Prerequisites
- RHEL-based server (CentOS/Rocky/Alma/RHEL)
- SSH access
- Sudo privileges
- Important: Keep your current SSH session open while applying firewall rules
Step-by-step
Step 1) Install firewalld (if not installed)
sudo dnf install -y firewalld
Step 2) Enable and start the service
sudo systemctl enable --now firewalld
Expected output: Usually silent if OK.
Step 3) Check status
sudo systemctl status firewalld --no-pager
Expected output: Active: active (running).
Step 4) Allow SSH (most important)
sudo firewall-cmd --add-service=ssh --permanent
What it does: Adds the SSH service (port 22) to the permanent configuration of the default zone. The rule becomes active at the reload in Step 6.
If you use a custom SSH port (example 2222):
sudo firewall-cmd --add-port=2222/tcp --permanent
Step 5) Allow web ports (if needed)
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-service=https --permanent
Step 6) Reload to apply changes
sudo firewall-cmd --reload
Expected output: success
Step 7) Verify rules
sudo firewall-cmd --list-all
Expected output: A list including allowed services/ports (ssh, http, https, etc.).
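Added example (not part of the original guide): a small POSIX shell check that reads the `firewall-cmd --list-all` output from Step 7, confirms your SSH port is still allowed, and flags services outside an allow-list you choose. The function names, the allow-list and the sample output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `firewall-cmd --list-all` output (Step 7).
# Real use: sudo firewall-cmd --list-all | audit_zone 22 "ssh http https"

# Constructed sample output, for illustration only.
SAMPLE='public (active)
  target: default
  interfaces: eth0
  services: cockpit dhcpv6-client http https ssh
  ports: 2222/tcp
  rich rules: '

# fw_field FIELD: print the values of one field from list-all text on stdin.
fw_field() {
  awk -v f="$1" '
    { line = $0; sub(/^[ \t]+/, "", line) }
    index(line, f ":") == 1 { sub(/^[^:]*:[ \t]*/, "", line); print line; exit }'
}

# ssh_allowed PORT TEXT: succeed if the zone admits SSH on PORT.
# Assumes the stock ssh service definition (22/tcp); port ranges are not expanded.
ssh_allowed() {
  services=" $(printf '%s\n' "$2" | fw_field services) "
  ports=" $(printf '%s\n' "$2" | fw_field ports) "
  if [ "$1" = "22" ]; then
    case "$services" in *" ssh "*) return 0 ;; esac
  fi
  case "$ports" in *" $1/tcp "*) return 0 ;; esac
  return 1
}

# unexpected_services ALLOWLIST TEXT: print open services missing from ALLOWLIST.
unexpected_services() {
  for svc in $(printf '%s\n' "$2" | fw_field services); do
    case " $1 " in *" $svc "*) ;; *) printf '%s\n' "$svc" ;; esac
  done
}

# audit_zone PORT ALLOWLIST: read list-all text on stdin; non-zero status on a finding.
audit_zone() {
  text=$(cat); rc=0
  ssh_allowed "$1" "$text" || { echo "FAIL: $1/tcp (SSH) is not allowed"; rc=1; }
  extra=$(unexpected_services "$2" "$text")
  [ -z "$extra" ] || { echo "WARN: services outside allow-list:" $extra; rc=1; }
  return $rc
}

# Demo on the constructed sample; prints a WARN for cockpit and dhcpv6-client.
printf '%s\n' "$SAMPLE" | audit_zone 22 "ssh http https" || true
```

Run the audit from the session you kept open, before closing it, so a FAIL can be corrected without losing access.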
Warnings & notes
- Always allow SSH before making restrictive changes.
- Use --permanent then --reload so rules survive reboot.
Final verification
- Open a new terminal and test SSH access.
- Confirm listening TCP ports with:
sudo ss -lntp
Conclusion
firewalld is now controlling inbound traffic. Keep your allowed services minimal and review rules regularly.