How to run WildFly through a firewall

This tutorial will guide you through the configuration of firewall rules to run WildFly through a firewall.

To run WildFly through a firewall, you will need to configure your firewall to allow incoming connections on the port that WildFly is using. WildFly uses port 8080 by default, so you will need to allow incoming connections on this port.

To do this, you will need to access your firewall’s configuration settings and add a rule to allow incoming connections on port 8080. The specific steps to do this will depend on the type of firewall you are using and your OS.

Linux Machine

To configure firewall rules on a Linux machine, you can use the command-line tool firewall-cmd, which is part of the firewalld application and is installed by default. It can make both permanent and non-permanent (runtime) changes.

Typically, you would allow the HTTP port to be reached from outside. So, to allow the port 8080:

sudo firewall-cmd --zone=public --add-port 8080/tcp

The above rule will not, however, survive a server restart. To make it permanent, add the --permanent parameter:

sudo firewall-cmd --zone=public --add-port 8080/tcp --permanent

Then, if you want to manage the application server through a firewall, consider also adding a rule for the management port (default 9990).
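
The Linux rules above as one script, added here as an example (it is not part of the original tutorial). It opens the HTTP port in both the runtime and the permanent configuration and, going one step beyond the text, admits the management port only from an admin network through a firewalld rich rule. The function names, the zone and the 192.0.2.0/24 network are assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Dry run by default: prints
# the firewall-cmd calls. Run as root with APPLY=1 to execute them.

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# valid_port PORT: succeeds when PORT is an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# wildfly_fw ZONE HTTP_PORT MGMT_PORT ADMIN_CIDR
# Opens HTTP_PORT to the whole zone, but MGMT_PORT only to ADMIN_CIDR (IPv4).
wildfly_fw() {
    zone=$1 http=$2 mgmt=$3 admin=$4
    valid_port "$http" && valid_port "$mgmt" || { echo "invalid port" >&2; return 2; }
    case "$admin" in
        ''|*[!0-9./]*) echo "invalid IPv4 network: $admin" >&2; return 2 ;;
    esac
    rich="rule family=\"ipv4\" source address=\"$admin\" port port=\"$mgmt\" protocol=\"tcp\" accept"
    # First pass changes the running firewall, second pass (--permanent)
    # writes the same rules to the stored configuration.
    for perm in "" --permanent; do
        run firewall-cmd --zone="$zone" --add-port="$http/tcp" $perm || return 1
        run firewall-cmd --zone="$zone" --add-rich-rule="$rich" $perm || return 1
    done
    run firewall-cmd --zone="$zone" --list-all   # review the active rules
}

# Constructed sample values: zone "public" and the tutorial's default ports;
# 192.0.2.0/24 is a documentation network standing in for the admin subnet.
wildfly_fw public 8080 9990 192.0.2.0/24
```

In dry-run mode the rich rule is printed without its surrounding shell quotes, so use the output for review rather than for copy and paste.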

Windows machine

On a Windows machine, open Control Panel and click Windows Firewall. There, select “Allow an app or feature through Windows Firewall”, which opens the allowed apps window.


Next, click “Change Settings”, select the “Allow another app...” button, and in the next window choose the Browse button next to the Path field.

You will need to add the WildFly service so that it can run through the Windows Firewall.



Configuring application ports

If you are running a Web application, you need to make sure that the firewall has an ACL allowing traffic to the http/https listeners of WildFly.

On the other hand, if you are running EJB remote services, you should consider using “http://” transport, as opposed to “remoting+http://” for your EJB Clients.

Check this article to learn more about: How to code a Remote EJB Client with WildFly