How to Install the FirewallD GUI on Rocky Linux EL9 or EL8
If you’ve been running Rocky Linux for a while, you might have noticed that the handy “firewall‑config” GUI is gone after an update. That’s where this article steps in: it shows how to get the FirewallD GUI back and why each step matters.
Why You’ll Want the GUI
The command‑line firewall-cmd is powerful, but the GUI lets you see zones, services, and ports all at once. I’ve seen developers skip the GUI entirely because it disappeared after upgrading from EL8 to EL9; when they tried to tweak masquerading in a terminal session, they locked themselves out of their own machine.
1. Make Sure Your System Is Up‑to‑Date
sudo dnf update -y
Updating first guarantees you’re pulling the latest packages and fixes for Rocky Linux 9 or 8. It also pulls in any newer dependencies that firewall-config needs.
2. Install the Core FirewallD Package (if it’s not already)
sudo dnf install firewalld -y
The GUI is essentially a wrapper around the daemon, so you must have the main service running. Skipping this will leave you with an empty “firewall‑config” that won’t launch.
3. Add the EPEL Repository
The GUI lives in the EPEL stream on Rocky Linux.
sudo dnf install epel-release -y
Without EPEL, the package manager can’t find firewall-config. It’s a one‑liner that saves you from hunting for a separate repository file.
4. Install the GUI Package
sudo dnf install firewall-config -y
That’s all there is to it on EL8 and EL9. On EL9, the package name is identical; Rocky’s packaging keeps things tidy across major releases.
5. Enable and Start FirewallD
sudo systemctl enable --now firewalld.service
The GUI won’t open if the daemon isn’t running. Enabling it at boot ensures you always have a firewall in place, even after reboots or kernel upgrades.
6. Launch “firewall‑config” from Your Desktop
Either click the icon that should now appear under “Internet & Network” or run:
firewall-config
If it throws an error like “cannot connect to DBus: No such file or directory”, double‑check that systemd is running in your session. Rarely, you’ll need to log out and back in.
7. Configure a Quick Test Rule
1. In the GUI, switch to the “Public” zone.
2. Click “Services”, tick http and https.
3. Apply changes.
Why do this? It lets you confirm the daemon is actively enforcing rules. You can verify by opening a web browser from another machine; if it connects, you’re good.
8. Optional: Install Additional GUI Extras
If you want a more polished interface, install:
sudo dnf install firewall-config-gnome -y
This pulls in the GNOME‑centric UI. On minimal installs, the base firewall-config is lightweight enough that adding GNOME extras just bloats the package list.
9. Check for Unnecessary Packages
If you find yourself with both firewall-config and firewalld installed on an older system, note that the former pulls in the latter automatically. Keeping only one set of related packages avoids confusion and reduces the attack surface.
Common Pitfalls to Avoid
- Missing EPEL: Without it you’ll get “No matching Packages found”.
- Not starting firewalld: The GUI will launch but stay in a frozen state.
- Running as root only: Remember firewall-config is designed for regular users; running it as root can lead to accidental global rule changes.
You’re now set up with the FirewallD GUI on Rocky Linux EL8 or EL9. Play around with zones and services, and if something breaks, you’ll have a visual snapshot of what went wrong.
