How to Add Rule in the Firewall to Allow Incoming HTTP Connection in CentOS 8


Introduction

This article shows how to add a firewall rule that allows incoming HTTP connections in CentOS 8. The rule is added by executing a specific command. This article is connected to several previous articles, and it is part of the firewall configuration of a CentOS virtual server running in the VirtualBox application.

Adding HTTP Incoming Connection Rule

In order to add the rule, follow the steps below:

1. First of all, make sure that the firewalld service is running. The following command checks whether the firewalld service is currently running:

systemctl status firewalld

The following is the output of the above command:

[root@10 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Sun 2020-12-20 18:17:09 EST; 2h 0min ago
     Docs: man:firewalld(1)
  Process: 828 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 828 (code=exited, status=0/SUCCESS)

Dec 20 18:16:17 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Dec 20 18:16:22 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Dec 20 18:16:23 localhost.localdomain firewalld[828]: WARNING: AllowZoneDrifting is enabled. This is considered an inse>
Dec 20 18:17:08 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
Dec 20 18:17:09 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@10 ~]#

According to the above output, the firewalld service is not active. To activate the firewalld service, execute the following command:

[root@10 ~]# systemctl start firewalld
[root@10 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-12-20 20:17:38 EST; 7s ago
     Docs: man:firewalld(1)
 Main PID: 1604 (firewalld)
    Tasks: 2 (limit: 11472)
   Memory: 22.5M
   CGroup: /system.slice/firewalld.service
           └─1604 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid

Dec 20 20:17:38 10.0.2.15 systemd[1]: Starting firewalld - dynamic firewall daemon...
Dec 20 20:17:38 10.0.2.15 systemd[1]: Started firewalld - dynamic firewall daemon.
Dec 20 20:17:39 10.0.2.15 firewalld[1604]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future relea>

2. Next, once the firewalld service is active, add the rule by executing the following command:

firewall-cmd --add-port=80/tcp --permanent

The command above adds a new rule for port 80, which allows any incoming TCP connection to port 80. Because of the --permanent option, the rule is written to the permanent configuration only, so after executing the above command, execute the command below to load it into the running firewall:

firewall-cmd --reload

The following is the display of the above command execution, which takes place in the VirtualBox application. The command is executed by a normal user with super user privileges. By using the sudo command, the normal user ‘admin’ can execute any command according to the sudo configuration. Check the article with the title of ‘How to Remote CentOS Virtual Server running in a VirtualBox with a NAT Network using SSH’ in this link.

The command above is executed over a remote SSH connection to the running CentOS virtual server. In order to access the CentOS virtual server running in VirtualBox Manager, read the article with the title of ‘How to Add User as Super User in CentOS 8 running in a VirtualBox Application’ in this link. The following is the image display of the above command execution:

[Image: How to Add Rule in the Firewall to Allow Incoming HTTP Connection in CentOS 8]
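
The two steps above as an idempotent shell function that also confirms the runtime and permanent configurations agree after the reload. This is an added example, not part of the original article; the function names has_port, port_state, current_state and allow_port are made up for illustration, and the listing passed in on the last line is constructed.

```shell
#!/bin/sh
# Added example: names below are illustrative, not from the article.

# has_port LIST PORT: succeed if PORT (e.g. 80/tcp) is in the space-separated
# LIST, the format printed by `firewall-cmd --list-ports`.
has_port() {
    for p in $1; do
        [ "$p" = "$2" ] && return 0
    done
    return 1
}

# port_state RUNTIME_LIST PERMANENT_LIST PORT
# Prints active, pending-reload, runtime-only or closed.
port_state() {
    if has_port "$1" "$3"; then
        if has_port "$2" "$3"; then echo active; else echo runtime-only; fi
    elif has_port "$2" "$3"; then
        echo pending-reload
    else
        echo closed
    fi
}

# current_state PORT: query the live firewall (default zone) for PORT.
current_state() {
    port_state "$(firewall-cmd --list-ports)" \
               "$(firewall-cmd --permanent --list-ports)" "$1"
}

# allow_port PORT: the article's two steps, idempotent and verified (run as root).
allow_port() {
    systemctl is-active --quiet firewalld || {
        echo "firewalld is not running" >&2; return 1; }
    state=$(current_state "$1")
    case $state in
        closed|runtime-only)
            firewall-cmd --permanent --add-port="$1" >/dev/null || return 1 ;;
    esac
    if [ "$state" != active ]; then
        firewall-cmd --reload >/dev/null || return 1
    fi
    current_state "$1"   # "active" once both configurations contain PORT
}

# Constructed listings for the moment between `--permanent --add-port` and
# `--reload`: the rule is stored but not yet enforced.
port_state "22/tcp" "22/tcp 80/tcp" 80/tcp   # prints pending-reload
```

On the server, source the file and call `allow_port 80/tcp` as root. A `runtime-only` result from `current_state` marks a rule that was added without `--permanent` and would be dropped by the next reload.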
