The FirewallD Webmin module, not to be confused with the Firewalld application firewall, allows system administrators to manage iptables firewall rules within the Webmin dashboard instead of the command-line interface (CLI). It is much less complicated than the Linux IPTables Firewall module. The module is also somewhat similar in user experience (UX) to the official firewall-config application for Linux PCs.
Remember to create a Webmin backup or snapshot before making major changes to your server.
The FirewallD module is included natively in the base Webmin installation. It even imports your current Firewalld settings automatically. Below we’ll cover how to enable and configure the module.
Enable the FirewallD Webmin Module
- SSH into your server.
- Ensure Firewalld is installed. The easiest method is to use Systemd:
systemctl status firewalld
- If you’re installing it now, ensure you open port 10000 (for Webmin) and your SSH port (if you changed it from “22”):
firewall-cmd --permanent --add-port=10000/tcp
Reload Firewalld:
firewall-cmd --reload
- Ensure Firewalld is running, or started:
firewall-cmd --state
systemctl start firewalld
- Log into your Webmin dashboard.
- On the left, search for and select FirewallD.
- Make necessary changes as discussed below and select Apply Configuration.
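The following lockout pre-check is an added example, not part of the original guide or of Webmin: before you reload Firewalld or select Apply Configuration, it confirms that a zone still allows the Webmin port (10000) and your SSH port. The function names and sample text are constructed for illustration, and it assumes the stock ssh service definition (22/tcp).

```shell
#!/bin/sh
# Added example (hypothetical function names; sample text below is constructed).

# Print the first Port directive from sshd_config text on stdin (default 22).
ssh_port() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { p = $2 + 0; exit }
         END { print (p ? p : 22) }'
}

# Succeed if `firewall-cmd --list-all` text on stdin allows PORT/PROTO ($1):
# as a single port, inside a port range, or (22/tcp only) via the ssh service.
# Assumption: the ssh service definition is the stock one (22/tcp).
zone_allows() {
    awk -v want="$1" '
        BEGIN { split(want, w, "/"); port = w[1] + 0; proto = w[2] }
        $1 == "services:" && want == "22/tcp" {
            for (i = 2; i <= NF; i++) if ($i == "ssh") ok = 1
        }
        $1 == "ports:" {
            for (i = 2; i <= NF; i++) {
                split($i, e, "/"); n = split(e[1], r, "-")
                lo = r[1] + 0; hi = (n > 1 ? r[2] : r[1]) + 0
                if (e[2] == proto && port >= lo && port <= hi) ok = 1
            }
        }
        END { exit (ok ? 0 : 1) }'
}

# Print each required PORT/PROTO argument that the zone text on stdin lacks.
missing_ports() {
    zone=$(cat)
    for want in "$@"; do
        printf '%s\n' "$zone" | zone_allows "$want" || printf '%s\n' "$want"
    done
}

SAMPLE_SSHD='#Port 22
Port 2222
PermitRootLogin no'
SAMPLE_ZONE='public (active)
  target: default
  services: dhcpv6-client
  ports: 10000/tcp 8000-8010/tcp
  source-ports: '

# Demo on the constructed samples; on a live host pipe in
#   firewall-cmd --permanent --zone=public --list-all
port=$(printf '%s\n' "$SAMPLE_SSHD" | ssh_port)
echo "missing: $(printf '%s\n' "$SAMPLE_ZONE" | missing_ports 10000/tcp "$port/tcp")"
```

Any port the script prints is not yet allowed in that zone, so add it before reloading to avoid cutting off your own Webmin or SSH session.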
Configure the FirewallD Webmin Module
You can read our Firewalld configuration guide for more information on common firewall features. Below we’ll cover important FirewallD module tasks for server hardening.
Switch Zones
Firewalld zones are rule sets you can quickly switch between for specific circumstances. Most default rule sets (e.g. trusted and work) are more applicable to securing Linux desktops than a single web server. You can configure a zone per your needs from the Show rules in zone drop-down menu. You can also set a default zone, delete zones, and add zones.
For basic usage, stick with the public zone.
Add Services for Ports
Firewalld refers to ports commonly used for a specific application as services. It’s best to search for ports as a service first for easier management in complex setups.
- Ensure you’re in the correct zone.
- Select Add allowed service.
- Search for the service you need to allow from the drop-down menu.
- Select Create.
- Once you’ve finished making changes, select Apply Configuration.
Open Ports
If you need to open a unique port or port range, you’ll need to use the Add Port option.
- Select Add allowed port.
- Specify the single port or port range.
- Select the correct protocol – TCP or UDP.
- Select Create.
- Once you’ve finished making changes, select Apply Configuration.
Disable Firewalld
If you need to disable Firewalld for troubleshooting at any point, you can select Stop FirewallD in the module instead of doing so from the terminal. You’ll then see the notification “Failed to list zones : FirewallD is not running.” The FirewallD module settings won’t be visible again until you start Firewalld from the terminal:
systemctl start firewalld
The radio buttons for “Change this option to control whether your firewall is activated at boot time or not” are the GUI equivalent of the Systemd command:
systemctl enable firewalld
Why doesn’t Webmin allow us to make conditions based on networks instead of ports? I would like to whitelist IPs.
Hi Allen, there are ways to do this, but you’ll need to open up the Webmin terminal and add the IP address to Firewalld. Here’s a discussion thread on the issue over on Stack Exchange that was suggested to me to help point you in the right direction. Once you start reaching the limits of what Webmin is capable of by default, you usually end up needing to head into the terminal to resolve the issue. It may be worth reaching out to the Webmin devs and suggesting this as a feature they could add. Hope that helps!