How to Add Rule in the Firewall to Allow Incoming SSH Connection in CentOS 8


Introduction

This article shows how to add a firewall rule that allows incoming SSH connections in CentOS 8. Adding the rule takes a single command. The article continues several previous articles and is part of the firewall configuration of a CentOS virtual server running in the VirtualBox application.

Adding SSH Incoming Connection Rule

The steps for adding the rule are as follows:

1. Make sure that the firewalld service is running. The following command checks whether the firewalld service is running:

systemctl status firewalld

The following is the output of the above command:

[root@10 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Sun 2020-12-20 18:17:09 EST; 2h 0min ago
     Docs: man:firewalld(1)
  Process: 828 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 828 (code=exited, status=0/SUCCESS)

Dec 20 18:16:17 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Dec 20 18:16:22 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Dec 20 18:16:23 localhost.localdomain firewalld[828]: WARNING: AllowZoneDrifting is enabled. This is considered an inse>
Dec 20 18:17:08 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
Dec 20 18:17:09 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@10 ~]#

The firewalld service is not active. To activate it, execute the following command and then check the status again:

[root@10 ~]# systemctl start firewalld
[root@10 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-12-20 20:17:38 EST; 7s ago
     Docs: man:firewalld(1)
 Main PID: 1604 (firewalld)
    Tasks: 2 (limit: 11472)
   Memory: 22.5M
   CGroup: /system.slice/firewalld.service
           └─1604 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid

Dec 20 20:17:38 10.0.2.15 systemd[1]: Starting firewalld - dynamic firewall daemon...
Dec 20 20:17:38 10.0.2.15 systemd[1]: Started firewalld - dynamic firewall daemon.
Dec 20 20:17:39 10.0.2.15 firewalld[1604]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future relea>

2. Once the firewalld service is active, add the rule by executing the following command:

firewall-cmd --add-port 22/tcp --permanent

The above command adds port 22. Running it will allow any incoming connection to port 22. Because of the --permanent option, the rule is written to the permanent configuration only, so execute the following command afterwards to load it into the running firewall:

firewall-cmd --reload

The following shows the execution of the above commands in the VirtualBox application. The commands are run directly on the console of the running CentOS virtual server, since the server normally cannot be reached remotely over SSH at first. So, add the rule directly on the running CentOS virtual server, as in the image below:

[Image: How to Add Rule to Allow Incoming SSH Connection in CentOS 8]
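
The procedure above writes the rule with --permanent and then reloads. As an added example (not code from the original article), the shell functions below classify the SSH rule from the runtime and permanent `firewall-cmd --list-all` listings, so a rule that was saved but never reloaded, or one that exists only at runtime, is easy to spot. The function names and sample listings are constructed, the `ssh` service is assumed to keep its stock 22/tcp definition, and the port check also accepts ranges, which goes beyond the single port the article adds.

```sh
#!/bin/sh
# Added example; the listings at the bottom are constructed, not captured output.

# has_ssh_rule: read `firewall-cmd --list-all` output on stdin and succeed if
# TCP port 22 is open, as an explicit port or range or via the "ssh" service
# (assumption: the ssh service definition is the stock 22/tcp one).
has_ssh_rule() {
    awk '
        function covers22(tok,    a, r) {
            if (split(tok, a, "/") != 2 || a[2] != "tcp") return 0
            if (split(a[1], r, "-") == 2) return (r[1] + 0 <= 22 && 22 <= r[2] + 0)
            return (a[1] + 0 == 22)
        }
        # Exact match on the first field skips "source-ports:" and "forward-ports:".
        $1 == "ports:"    { for (i = 2; i <= NF; i++) if (covers22($i)) found = 1 }
        $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == "ssh") found = 1 }
        END { exit !found }
    '
}

# classify_ssh_rule RUNTIME_LISTING PERMANENT_LISTING
# Prints one of: active-and-persistent | pending-reload | runtime-only | absent
classify_ssh_rule() {
    _rt=no; _pm=no
    if printf '%s\n' "$1" | has_ssh_rule; then _rt=yes; fi
    if printf '%s\n' "$2" | has_ssh_rule; then _pm=yes; fi
    case "$_rt/$_pm" in
        yes/yes) echo active-and-persistent ;;
        no/yes)  echo pending-reload ;;   # --permanent written, --reload not run yet
        yes/no)  echo runtime-only ;;     # lost on the next reload or reboot
        *)       echo absent ;;
    esac
}

# Constructed listings: state right after `--add-port 22/tcp --permanent`,
# before `firewall-cmd --reload`.
SAMPLE_RUNTIME='public (active)
  services: cockpit dhcpv6-client
  ports:
  source-ports:'
SAMPLE_PERMANENT='public
  services: cockpit dhcpv6-client
  ports: 22/tcp
  source-ports:'

classify_ssh_rule "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"   # prints: pending-reload
# On a live host:
#   classify_ssh_rule "$(firewall-cmd --list-all)" "$(firewall-cmd --permanent --list-all)"
```
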

2 thoughts on “How to Add Rule in the Firewall to Allow Incoming SSH Connection in CentOS 8”

  1. In the quoted code you write ‘firewalld’ instead of ‘firewall-cmd’ – in case this helps 🙂
