From 7cf3d94bffa1f6d785e4a727373b0ff9d633b2b7 Mon Sep 17 00:00:00 2001
From: Arif Badar <abadar@redhat.com>
Date: Mon, 4 Aug 2025 14:55:17 +0530
Subject: [PATCH] Add firewall configuration

---
 docs/source/server_howto.rst | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/docs/source/server_howto.rst b/docs/source/server_howto.rst
index a03e14a6..db717e15 100644
--- a/docs/source/server_howto.rst
+++ b/docs/source/server_howto.rst
@@ -835,6 +835,25 @@ allow Apache access to NFS::
 
     root@localhost$ setsebool -P httpd_use_nfs=1
 
+Firewall Configuration
+^^^^^^^^^^^^^^^^^^^^^^
+
+For typical deployments where the Koji web interface and hub may be accessed
+from remote hosts, you may configure your firewall to allow incoming
+connections on ports 80 (HTTP) and 443 (HTTPS).
+
+The following commands can be used to open ports to the public firewall zone
+and make the changes permanent so they persist after a reboot::
+
+    root@localhost$ firewall-cmd --permanent --zone=public --add-service=http
+    root@localhost$ firewall-cmd --permanent --zone=public --add-port=80/tcp
+
+    root@localhost$ firewall-cmd --permanent --zone=public --add-service=https
+    root@localhost$ firewall-cmd --permanent --zone=public --add-port=443/tcp
+
+    # Reload rules
+    root@localhost$ firewall-cmd --reload
+
 Check Your Configuration
 ^^^^^^^^^^^^^^^^^^^^^^^^