Fedora 42
Sponsored Link

Initial Settings : Firewall2025/04/16
 

Configure Firewall and SELinux.

[1] It's possible to see FireWall Service Status like follows. (enabled by default)
[root@localhost ~]#
systemctl status firewalld 

● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled)
    Drop-In: /usr/lib/systemd/system/service.d
             +-- 10-timeout-abort.conf, 50-keep-warm.conf
     Active: active (running) since Wed 2025-04-16 11:21:05 JST; 3min 44s ago
 Invocation: a58bc86ba12b49238fdf9936c8b12393
       Docs: man:firewalld(1)
   Main PID: 886 (firewalld)
      Tasks: 2 (limit: 4637)
     Memory: 44.6M (peak: 45M)
        CPU: 272ms
     CGroup: /system.slice/firewalld.service
.....
.....
# [Active: active (running) ***] means firewalld is running now
[2]

If you use FireWall service, it needs to modify FireWall settings manually because incoming requests for services are mostly not allowed by default.
Refer to here for basic Firewall operation and settings (CentOS Stream 10).
Configuration examples of Fedora 42 on this site are based on the environment Firewalld service is always enabled.

[3] If you don't need FireWall service because of some reasons like that some FireWall Machines are running in your Local Netowrk or others, it's possible to stop and disable FireWall service on Fedora server like follows.
# stop service

[root@localhost ~]#
systemctl stop firewalld

# disable service

[root@localhost ~]#
systemctl disable firewalld

Removed '/etc/systemd/system/multi-user.target.wants/firewalld.service'.
Removed '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'.
Initial Settings : SELinux
[4] It's possible to show current SELinux (Security-Enhanced Linux) Status like follows. (enabled by default)
[root@localhost ~]#
getenforce 

Enforcing     # SELinux is enabled
[5]

If you enable SELinux, there are cases to modify SELinux policy manually because sometimes SELinux stop applications.
Refer to here for basic SELinux operation and settings (CentOS Stream 10).
Configuration examples of Fedora 42 on this site are based on the environment SELinux is always Enforcing.

[6] If you don't need SELinux feature because of some reasons like that your server is running only in Local safety Network or others, it's possible to disable SELinux like follows.
# disable SELinux

[root@localhost ~]#
grubby --update-kernel ALL --args selinux=0
# restart computer to apply changes

[root@localhost ~]#
reboot
# if falling back to enable, run like follows

[root@localhost ~]#
grubby --update-kernel ALL --remove-args selinux

Matched Content