Configure Firewall and SELinux
To configure the firewall and SELinux on a CentOS Stream server, proceed as follows.
Initial Settings Firewall
Step [1] Display the firewalld service status as follows. (It is enabled by default.)
[root@bizantum ~]# systemctl status firewalld
* firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor>
Active: active (running) since Fri 2021-11-25 20:29:20 JST; 5min ago
Docs: man:firewalld(1)
Main PID: 710 (firewalld)
Tasks: 2 (limit: 4419)
Memory: 41.6M
CPU: 427ms
CGroup: /system.slice/firewalld.service
+- 710 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid
# [Active: active (running) ***] means firewalld is running now
Step [2] If you use the firewalld service, you need to modify its settings manually, because incoming requests for most services are not allowed by default. Refer to here for basic firewall operation and settings. The configuration examples for CentOS Stream 9 on this site assume an environment where the firewalld service is always enabled.
Step [3] If you do not need the firewall service for some reason, for example because dedicated firewall machines are already running in your local network, you can stop and disable it on the CentOS Stream server as follows.
# stop service
[root@bizantum ~]# systemctl stop firewalld
# disable service
[root@bizantum ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Initial Settings SELinux
Step [4] Display the current SELinux (Security-Enhanced Linux) status as follows. (It is enabled by default.)
[root@bizantum ~]# getenforce
Enforcing # SELinux is enabled
Step [5] If SELinux is enabled, you sometimes need to modify SELinux policies manually, because SELinux can stop applications from working. Refer to here for basic SELinux operation and settings. The configuration examples for CentOS Stream 9 on this site assume an environment where SELinux is always Enforcing.
[root@bizantum ~]# useradd centos
[root@bizantum ~]# passwd centos
Changing password for user centos.
New UNIX password: # input any password you'd like to set
Retype new UNIX password: # confirm
passwd: all authentication tokens updated successfully.
Step [6] If you do not need SELinux for some reason, for example because your server runs only in a safe local network, you can disable SELinux as follows.
# disable SELinux
[root@bizantum ~]# grubby --update-kernel ALL --args selinux=0
# restart the computer to apply the change
[root@bizantum ~]# reboot
# to re-enable SELinux later, run the following
[root@bizantum ~]# grubby --update-kernel ALL --remove-args selinux
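To confirm what Step [6] left on each boot entry, the following added example (not part of the original article) parses `grubby --info=ALL` style output and reports how SELinux will start for every entry. The sample input and the function names are constructed for illustration, and the `enforcing=0` case goes beyond what the page covers.

```bash
# Added example (not from the original page): SELinux start mode per boot entry.

# Classify one kernel command line; the last selinux=/enforcing= value wins.
#   disabled   : selinux=0 (what Step [6] sets)
#   permissive : enforcing=0 (policy loaded, denials only logged)
#   default    : no override, /etc/selinux/config decides the mode
selinux_boot_state() (
    set -f                      # no glob expansion while splitting the args
    sel=1 enf=1
    for arg in $1; do
        case "$arg" in
            selinux=0)   sel=0 ;;
            selinux=1)   sel=1 ;;
            enforcing=0) enf=0 ;;
            enforcing=1) enf=1 ;;
        esac
    done
    if [ "$sel" = 0 ]; then echo disabled
    elif [ "$enf" = 0 ]; then echo permissive
    else echo default
    fi
)

# Read `grubby --info=ALL` style text on stdin; print "<index> <state>" per entry.
audit_boot_entries() (
    index='?'
    while IFS= read -r line; do
        case "$line" in
            index=*) index=${line#index=} ;;
            args=*)
                args=${line#args=}; args=${args#\"}; args=${args%\"}
                echo "$index $(selinux_boot_state "$args")" ;;
        esac
    done
)

# Constructed sample input; kernel paths are placeholders.
sample_grubby_info() {
    cat <<'EOF'
index=0
kernel="/boot/vmlinuz-KERNEL_A"
args="ro rhgb quiet selinux=0"
index=1
kernel="/boot/vmlinuz-KERNEL_B"
args="ro rhgb quiet"
EOF
}

sample_grubby_info | audit_boot_entries
```

On a live host, run `grubby --info=ALL | audit_boot_entries` as root, and check the running kernel with `selinux_boot_state "$(cat /proc/cmdline)"`.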