🔥 Firewalld Configuration for SolusVM 2.0 Master Panel (AlmaLinux 8.10)

This guide explains how to configure firewalld securely and efficiently on an AlmaLinux 8.10 server running the SolusVM 2.0 Master Panel.


✅ Requirements Summary

Protocol  Port(s)    Description
TCP       443        HTTPS (Master Web Panel)
TCP       4081-4085  SolusVM Master–Slave Communication
TCP       22         SSH (Admin Access)

1️⃣ Install and Start Firewalld

sudo dnf install firewalld -y
sudo systemctl enable --now firewalld
sudo firewall-cmd --state

2️⃣ Set Network Zone

Replace eth0 with your actual network interface if different:

sudo firewall-cmd --zone=public --change-interface=eth0 --permanent
sudo firewall-cmd --reload

Check the active zone:

sudo firewall-cmd --get-active-zones

3️⃣ Allow Required Services and Ports

# Allow HTTPS for SolusVM panel
sudo firewall-cmd --zone=public --add-service=https --permanent

# SolusVM Master Ports
sudo firewall-cmd --zone=public --add-port=4081-4085/tcp --permanent

# SSH Access
sudo firewall-cmd --zone=public --add-service=ssh --permanent

# Apply changes
sudo firewall-cmd --reload

4️⃣ (Optional) Restrict Access to Trusted IPs

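Allow only specific IP ranges. The command below binds the source range to the public zone; while eth0 is bound to the same zone, traffic from other addresses arriving on eth0 is still evaluated against public, so the services and ports opened in step 3 remain reachable from those addresses: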

sudo firewall-cmd --zone=public --add-source=203.0.113.0/24 --permanent
sudo firewall-cmd --reload

5️⃣ Check Current Configuration

sudo firewall-cmd --zone=public --list-all

6️⃣ Optional Security Hardening

Block ICMP (ping) requests:

sudo firewall-cmd --zone=public --add-icmp-block=echo-request --permanent

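Limit SSH brute-force attempts. The limit only caps the connections this rich rule accepts; while the ssh service from step 3 is also enabled in the zone, connections over the limit are still accepted by the service rule: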

sudo firewall-cmd --permanent --zone=public \
  --add-rich-rule='rule family="ipv4" service name="ssh" limit value="3/m" accept'

7️⃣ Save & Reload

sudo firewall-cmd --reload

✅ Final Notes

  • Confirm the SolusVM Master panel is accessible via port 443 externally.
  • Use tools like nmap, telnet, or curl from a remote server to verify port access.
  • Adjust settings in Fail2Ban, SELinux, or CSF if used concurrently.

🧪 Example Sanitized Configuration

[root@master ~]# firewall-cmd --zone=public --list-all
public (active)
  target: default
  interfaces: eth0
  sources: 203.0.113.0/24 198.51.100.0/24 192.0.2.50
  services: https ssh
  ports: 4081-4085/tcp
  icmp-blocks: echo-request
  rich rules:
    rule family="ipv4" service name="ssh" limit value="3/m" accept
[root@master ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2025-04-01 19:26:13 UTC
   Main PID: 728 (firewalld)
[root@master ~]# hostnamectl
Static hostname: master.examplehost.com
Operating System: AlmaLinux 8.10 (Cerulean Leopard)
Kernel: Linux 4.18.0-553.46.1.el8_10.x86_64
Architecture: x86-64
Virtualization: kvm
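
An added check, not part of the original guide: it audits `firewall-cmd --zone=public --list-all` output such as the listing above against the requirements table, and flags two conditions firewalld accepts silently (sources and an interface bound to the same zone, and a rate-limited SSH rich rule alongside the plain ssh service). The function name `audit_zone`, the finding labels and the `EXPECTED_*` variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit `firewall-cmd --zone=public --list-all` output (stdin)
# against the requirements table. Exit status = number of findings (0 = clean).
EXPECTED_SERVICES="https ssh"      # requirements table: 443/tcp and 22/tcp
EXPECTED_PORTS="4081-4085/tcp"     # requirements table: master-slave ports

# Constructed sample input, copied from the guide's sanitized listing.
SAMPLE_LIST_ALL='public (active)
  target: default
  interfaces: eth0
  sources: 203.0.113.0/24 198.51.100.0/24 192.0.2.50
  services: https ssh
  ports: 4081-4085/tcp
  icmp-blocks: echo-request
  rich rules:
    rule family="ipv4" service name="ssh" limit value="3/m" accept'

audit_zone() {
  awk -v want_svc="$EXPECTED_SERVICES" -v want_ports="$EXPECTED_PORTS" '
    function val(s) { sub(/^[^:]*:[ \t]*/, "", s); return s }
    function report(msg) { print msg; findings++ }
    # Report items opened but not expected, and expected but not opened.
    function compare(kind, have, want,   h, w, i, n, inh, inw) {
      n = split(want, w, " "); for (i = 1; i <= n; i++) inw[w[i]] = 1
      n = split(have, h, " "); for (i = 1; i <= n; i++) {
        inh[h[i]] = 1
        if (!(h[i] in inw)) report("UNEXPECTED " kind ": " h[i])
      }
      for (i in inw) if (!(i in inh)) report("MISSING " kind ": " i)
    }
    /^[ \t]*interfaces:/ { ifaces  = val($0) }
    /^[ \t]*sources:/    { sources = val($0) }
    /^[ \t]*services:/   { svcs    = val($0) }
    /^[ \t]*ports:/      { ports   = val($0) }
    /^[ \t]*rule / && /service name="ssh"/ && /limit value=/ && /accept/ { ssh_limit = 1 }
    END {
      compare("service", svcs, want_svc)
      compare("port", ports, want_ports)
      # Interface and sources in one zone: the sources list filters nothing.
      if (ifaces != "" && sources != "")
        report("SOURCES-NOT-ENFORCED: " ifaces " is bound to the same zone")
      # A rate-limited accept is bypassed when the plain service also accepts.
      if (ssh_limit && index(" " svcs " ", " ssh "))
        report("SSH-LIMIT-BYPASSED: ssh service accepts connections over the limit")
      exit findings + 0
    }'
}
printf '%s\n' "$SAMPLE_LIST_ALL" | audit_zone || true
```

On the server, pipe the live state into it with `sudo firewall-cmd --zone=public --list-all | audit_zone`.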