Firewalld Service and Port Management Checklist for RHCSA

admin, June 19, 2026

Firewalld is commonly used on Red Hat-based systems to manage firewall rules. RHCSA practice should include zones, services, ports, runtime changes, permanent changes and verification.

Core principle

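A firewall rule controls network reachability. Runtime rules take effect immediately but are lost when firewalld is reloaded or the system reboots. Permanent rules survive reload or reboot but are not active until firewalld is reloaded. Know which one you are changing.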

Checklist

  1. Check firewalld status.
  2. Check active zones.
  3. List allowed services.
  4. List allowed ports.
  5. Add a service temporarily.
  6. Add a service permanently.
  7. Add a custom port if needed.
  8. Reload firewalld carefully.
  9. Verify external access.
  10. Remove rules that are no longer needed.

Reusable lesson

This applies to SSH, web servers, databases, APIs, Nginx, httpd, Cockpit, monitoring and cloud security design.

Checklist Type: Security
Level: Beginner
Risk Level: High Risk
Estimated Time: 30–75 minutes

When to Use This Checklist

Use this checklist when practicing firewall management for RHCSA or securing Red Hat-based servers.

Required Tools

RHEL-compatible VM, firewalld, firewall-cmd, sudo access, test service, second terminal

Before You Start

Keep console or existing SSH access available before changing firewall rules on a remote system.

Structured Checklist Steps

  1. Check firewalld status.
  2. Check zones.
  3. List services.
  4. List ports.
  5. Add runtime service.
  6. Add permanent service.
  7. Add custom port.
  8. Reload firewalld.
  9. Verify access.
  10. Remove unused rules.

Verification Steps

  1. Firewalld is active if required.
  2. Correct zone is understood.
  3. Only required services or ports are open.
  4. Permanent rules survive reload.
  5. Remote access is not accidentally blocked.

Common Mistakes

  • Changing runtime rules but forgetting permanent rules.
  • Opening ports globally without need.
  • Reloading before verifying SSH access.
  • Confusing service names with port numbers.
  • No documentation of open services.

Related Commands

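sudo systemctl status firewalld                      # is the daemon running?
sudo firewall-cmd --get-active-zones                 # zones with bound interfaces or sources
sudo firewall-cmd --list-all                         # runtime settings of the default zone
sudo firewall-cmd --add-service=http                 # runtime only, lost on reload
sudo firewall-cmd --add-service=http --permanent     # saved, not active until reload
sudo firewall-cmd --add-port=8080/tcp --permanent    # custom port, saved only
sudo firewall-cmd --reload                           # load permanent config, drop runtime-only rules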
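
The first common mistake above (a runtime rule with no permanent counterpart) can be caught before a reload by comparing both views of a zone. The script below is an added example, not part of the original checklist; the helper names drift and audit_zone are hypothetical, and the sample lists in the fallback branch are constructed.

```shell
#!/bin/sh
# Added example: detect drift between firewalld's runtime and
# permanent configuration. drift and audit_zone are hypothetical names.

# drift RUNTIME PERMANENT
# Each argument is a whitespace-separated list as printed by
# `firewall-cmd --list-services` or `firewall-cmd --list-ports`.
# Prints runtime-only:<item> for rules a reload or reboot would drop,
# and permanent-only:<item> for rules saved but not yet active.
drift() (
    set -f                                  # no globbing while word-splitting
    runtime=" $(printf '%s ' $1)"           # normalise to " a b c "
    permanent=" $(printf '%s ' $2)"
    for item in $1; do
        case "$permanent" in *" $item "*) ;; *) echo "runtime-only:$item" ;; esac
    done
    for item in $2; do
        case "$runtime" in *" $item "*) ;; *) echo "permanent-only:$item" ;; esac
    done
)

# Compare both views of one zone's services and ports on a live system.
audit_zone() {
    for kind in services ports; do
        drift "$(firewall-cmd --zone="$1" --list-$kind)" \
              "$(firewall-cmd --permanent --zone="$1" --list-$kind)"
    done
}

if firewall-cmd --state >/dev/null 2>&1; then
    audit_zone "$(firewall-cmd --get-default-zone)"
else
    # Constructed sample: http was added at runtime only, 8080/tcp was
    # added with --permanent and firewalld has not been reloaded yet.
    drift "cockpit dhcpv6-client http ssh" "cockpit dhcpv6-client ssh"
    drift "" "8080/tcp"
fi
```

Run it with sudo on a live system. No output means the runtime and permanent configurations of the default zone match.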
