16. Firewall Configuration
Thu Kha Kyawe

Lab Information

The Nautilus system admins team has rolled out a web UI application for their backup utility on the Nautilus backup server within the Stratos Datacenter. This application operates on port 5003, and firewalld is active on the server. To meet operational needs, the following requirements have been identified:

Allow all incoming connections on port 5003/tcp. Ensure the zone is set to public.

Lab Solutions

🧭 Part 1: Lab Step-by-Step Guidelines

🔹 Step 1: Log in to Jump Host

ssh thor@jump_host.stratos.xfusioncorp.com

Password:

mjolnir123

🔹 Step 2: SSH into Backup Server

ssh clint@stbkp01.stratos.xfusioncorp.com

Password:

H@wk3y3

🔹 Step 3: Switch to root

sudo -i

🔥 Configure firewalld

🔹 Step 4: Ensure default zone is public

firewall-cmd --set-default-zone=public

🔹 Step 5: Allow port 5003/tcp permanently

firewall-cmd --zone=public --add-port=5003/tcp --permanent

🔹 Step 6: Reload firewall to apply changes

firewall-cmd --reload

🔹 Step 7: Verify port is open

firewall-cmd --zone=public --list-ports

🔹 Step 8: Verify active zone

firewall-cmd --get-default-zone

Expected output:

[root@stbkp01 ~]# firewall-cmd --set-default-zone=public
Warning: ZONE_ALREADY_SET: public
success
[root@stbkp01 ~]# firewall-cmd --zone=public --add-port=5003/tcp --permanent
success
[root@stbkp01 ~]# firewall-cmd --reload
success
[root@stbkp01 ~]# firewall-cmd --zone=public --list-ports
5003/tcp
[root@stbkp01 ~]# firewall-cmd --get-default-zone
public

✅ Final Checklist

✔ Default zone set to public
✔ Port 5003/tcp added permanently
✔ Firewall reloaded
✔ Port verified open
✔ Completed on Backup Server only
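An idempotent version of Steps 4 to 8, as an added example that is not part of the lab or of KodeKloud's material: it sets the zone and port only when they are missing, reloads, and then checks both the runtime and the permanent state against the requirement. The script name fw5003.sh is an assumption.

```shell
#!/bin/sh
# Added example (not part of the lab): apply the lab's firewalld settings
# idempotently and verify them. Assumes root on stbkp01 with firewall-cmd on PATH.
ZONE=public
PORT=5003/tcp

# Return 0 if "$2" appears as a whole token in the space-separated list "$1",
# the format printed by `firewall-cmd --list-ports`. Whole-token matching
# avoids a grep-style false positive such as 15003/tcp matching 5003/tcp.
port_in_list() {
    for p in $1; do
        [ "$p" = "$2" ] && return 0
    done
    return 1
}

# Compare observed state to the lab requirement: default zone is $ZONE and
# $PORT is open in both runtime and permanent config. Arguments are the
# default zone, runtime port list and permanent port list, so the check
# can be exercised offline. Returns 0 when compliant, 1 otherwise.
check_state() {
    ok=0
    [ "$1" = "$ZONE" ] || { echo "default zone is '$1', expected '$ZONE'"; ok=1; }
    port_in_list "$2" "$PORT" || { echo "$PORT not open in runtime config"; ok=1; }
    port_in_list "$3" "$PORT" || { echo "$PORT missing from permanent config"; ok=1; }
    return $ok
}

# Live apply: only change what is not already set (avoids the
# ZONE_ALREADY_SET warning seen in the lab output), reload, then re-check.
apply_and_verify() {
    [ "$(firewall-cmd --get-default-zone)" = "$ZONE" ] \
        || firewall-cmd --set-default-zone="$ZONE"
    firewall-cmd --zone="$ZONE" --query-port="$PORT" --permanent >/dev/null 2>&1 \
        || firewall-cmd --zone="$ZONE" --add-port="$PORT" --permanent
    firewall-cmd --reload
    check_state "$(firewall-cmd --get-default-zone)" \
                "$(firewall-cmd --zone="$ZONE" --list-ports)" \
                "$(firewall-cmd --zone="$ZONE" --list-ports --permanent)"
}

# Touch the live firewall only when explicitly asked: ./fw5003.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apply_and_verify
fi
```

Without --apply the file only defines the functions, so it can be sourced and check_state fed with captured output from another host.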


🧠 Part 2: Simple Step-by-Step Explanation (Beginner Friendly)

🔹 What is happening?

A backup web UI listens on port 5003.

By default, firewalld's public zone only accepts incoming traffic for the services and ports explicitly allowed in it, so connections to port 5003 are refused.

We must allow traffic to that port.

🔹 What is a zone?

Firewalld uses zones like:

public

internal

trusted

The lab requires the zone to be:

public

🔹 Why use --permanent?

Without --permanent, the rule only changes the runtime configuration and is lost on the next reload or reboot.

The lab expects persistent configuration.

🔹 Why reload?

A --permanent rule is written to the saved configuration but does not change the running firewall. Running:

firewall-cmd --reload

loads the permanent configuration into the runtime, so the new rule applies immediately.

πŸ” Real-World Context

Opening specific ports is common when:

Deploying web apps

Exposing APIs

Enabling monitoring dashboards

Only required ports should be opened; never open all traffic.


Resources & Next Steps
📦 Full Code Repository: KodeKloud Learning Labs
📖 More Deep Dives: Whispering Cloud Insights - Read other technical articles
💬 Join Discussion: DEV Community - Share your thoughts and questions
💼 Let's Connect: LinkedIn - I'd love to connect with you

Credits
• All labs are from: KodeKloud
• I sincerely appreciate your provision of these valuable resources.
