The guide walks CentOS 9 Stream users through setting up a graphical firewall manager so they can avoid command‑line hassles. After confirming firewalld is installed—or installing it with dnf—the tutorial adds the firewall-config package to provide a GNOME‑style GTK window for zone and port configuration. It then explains how to enable the daemon at boot with systemctl, launch the application from Activities, and save changes after tweaking services such as SSH or HTTP on the default public zone. The article also highlights common pitfalls like service failures, missing GUI due to architecture mismatch, or ports not opening because of incorrect zone selection, offering quick checks for each issue.

Get a Friendly FirewallD GUI on CentOS 9 Stream – Easy Install & Enable Guide

CentOS 9 Stream users can finally enjoy a graphical interface for firewall management, without the usual headaches of compiling from source or juggling command‑line flags. This guide walks through installing the firewalld package, pulling in the GNOME‑style GUI, and getting it up and running on the desktop.

Prerequisites

• A working CentOS 9 Stream installation with internet access.
• An account with sudo privileges.
• The system already has the default GNOME desktop or any other X session where a GTK app can launch.

A quick sanity check:

rpm -q firewalld || echo "firewalld not installed yet"

If it reports not installed, proceed to the next section.

Installing firewalld and its GUI

1. Pull in the core firewall daemon

   sudo dnf install -y firewalld
   

   The -y flag skips the prompt; this is handy when scripting or when you’re impatient. Firewalld is the default, policy‑based firewall used by most modern Linux distributions.

2. Install the GUI front‑end

   sudo dnf install -y firewall-config
   

   This package brings a small GTK window that lets you tweak zones, services, and ports with drag‑and‑drop. No more firewall-cmd syntax nightmares.

3. Enable firewalld on boot and start it immediately

   sudo systemctl enable --now firewalld
   

   The double flag ensures the service starts now and is enabled for future boots. Without this, your firewall remains off even after a reboot.

Launching and Using the GUI

• Open the Activities overview (or press Super) and type “Firewall” to launch it.
• On first run, you’ll see the default “public” zone with the most common services enabled: SSH, HTTP, HTTPS.
• To add a custom port, click Add, pick Port, then enter the protocol (tcp or udp) and number (e.g., 8080).
• Remember to click Save after making changes; otherwise they’ll vanish on logout.

Why this matters

A colleague hit a nasty bug after upgrading to CentOS 9 Stream, losing all open ports until they re‑enabled firewallD via the new GUI. That’s why enabling and testing the GUI immediately after installation is essential—no more guessing that your services are blocked because the daemon isn’t running.

Common Pitfalls

• firewalld not starting: Check systemctl status firewalld. If it shows “failed,” run journalctl -xe | grep firewalld for clues.
• GUI missing after install: Make sure the firewall-config package is installed in the same architecture (x86_64). Mixing 32‑bit and 64‑bit packages can cause the app not to appear.
• Port not opening: Adding a port via the GUI doesn’t automatically mark it as “allowed” if the zone isn’t correctly selected. Verify that you’re editing the active zone by looking at the top dropdown.

That’s it – your CentOS 9 Stream desktop is now protected and easier to manage.