How to open port and change port SSH on Almalinux 9 with Firewalld

Estimated reading: 3 minutes 115 views

The open port is a network port on which the application listens, acting as a communication endpoint. We can view the list of open ports on the system by querying the network stack with commands such as ss, netstat or lsof. Each listening port can be opened or closed (filtered) by a firewall.

By default, port 22 is used to establish an SSH connection. This port is automatically configured during the installation of your operating system.

To reduce the number of brute force attacks, you can configure another port for SSH access.

Change SSH port

Before changing the port, please ensure that the applications and services installed on the server can be configured without a default port. Otherwise, changing the default port may cause these applications and services to stop working.

Also, to make sure you can back up the sshd_config file first:

cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

Step 1: Open the SSH configuration file sshd_config with the text editor vi:

vi /etc/ssh/sshd_config

Step 2: Search for the entry Port 22.

Step 3: Enter Port new <Specified Port Number> and remove #. Port 5566 is the new SSH port in the following example:

Step 4: To restart the SSH daemon and complete the bind to the newly specified port, run the following command:

systemctl restart sshd

After changing the SSH port, you also need to add the newly changed port to the Firewalld:

firewall-cmd --add-port=5566/tcp --permanent

To reload Firewalld and all permanent rules:

firewall-cmd --reload

You can now SSH through the new port:

Open port with Firewalld

In this tutorial, we will open port 80 and the service that comes with the opened port

You can use command ss, which is used to display ports that are listening for connections, and also displays networks that accept incoming connections.

ss -ltn

Reload with the following command to add ports to the firewall

firewall-cmd --add-port=80/tcp

This rule takes effect immediately but only lasts until the next reboot. Add the –permanent flag to make it persistent:

firewall-cmd --add-port=80/tcp --permanent

Then use the following command to enable the firewall rules:

firewall-cmd --reload

You can check the newly opened port again

You won’t see it because you haven’t installed the service corresponding to the port you just opened, here we will install HTTP and try checking again because HTTP listens on port 80

You can see port 80 after HTTP settings

Also, you can check which process this port belongs to:

ss -ltnp

This is Apache (HTTP) after you install and open the port on Firewalld successfully.


Through this article, we have guided you to open port and change port SSH on Almalinux 9 with Firewalld. Hope this article will be useful for you.