Fri, Apr 24, 2015 5:07 pm

Opening a firewall port for Firewalld from the command line

On a CentOS system that uses FirewallD as its firewall service, you can see which services and ports already have rules permitting access by running firewall-cmd --list-services and firewall-cmd --list-ports from a shell prompt.

# firewall-cmd --list-services
dhcpv6-client http pop3s smtp ssh
[root@localhost ~]# firewall-cmd --list-ports
110/tcp 4343/tcp 143/tcp

If you wish to permit access on an additional port you can use the --add-port option. Specify the zone to which the rule should apply with --zone and specify UDP or TCP with /protocol after the port number, where protocol is either udp or tcp.

[root@localhost ~]# firewall-cmd --zone=public --add-port=8080/tcp
success
[root@localhost ~]# firewall-cmd --list-ports
110/tcp 4343/tcp 8080/tcp 143/tcp

Note: in the above example the firewall rule is added only to the running configuration; it won't persist after a reboot of the system. To make the rule permanent, use the --permanent option, which changes only the saved configuration, and then restart the firewall service with systemctl restart firewalld.service or reload the rules with firewall-cmd --reload. E.g.:

firewall-cmd --permanent --zone=public --add-port=8080/tcp
systemctl restart firewalld.service

If you wish to see a list of the configured zones on the system, use the --get-zones option.

[root@localhost ~]# firewall-cmd --get-zones
block dmz drop external home internal public trusted work

If you wish to see the open ports for a particular zone, you can specify the zone with --zone=. E.g.:

[root@localhost ~]# firewall-cmd --zone=public --list-ports
110/tcp 4343/tcp 8080/tcp 143/tcp

If you wish to remove access to a port for which you have permitted connectivity, you can use the --remove-port option. If you specify a port for which there is no rule permitting access, you will see a "Warning: NOT_ENABLED" message. E.g.:

# firewall-cmd --remove-port=443/tcp
Warning: NOT_ENABLED
[root@localhost ~]# firewall-cmd --list-ports
110/tcp 4343/tcp 8080/tcp 143/tcp
[root@localhost ~]# firewall-cmd --remove-port=8080/tcp
success
[root@localhost ~]# firewall-cmd --list-ports
110/tcp 4343/tcp 143/tcp

If you are removing a permanent entry, specify the --permanent option and reload the firewall software afterwards. E.g.:

[root@localhost ~]# firewall-cmd --remove-port=8080/tcp --permanent
success
[root@localhost ~]# firewall-cmd --reload
success
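As an added example that is not part of the original post, the POSIX shell script below wraps the permanent add/remove, reload and verify steps described above into two functions. It assumes firewall-cmd is on PATH, that the script runs as root, and the zone names shown above; the FIREWALL_CMD variable is a hypothetical override so the functions can be exercised against a stub command.

```shell
#!/bin/sh
# Added example (not part of the original post): change a port in the
# permanent FirewallD configuration, apply it with --reload, and confirm the
# result from the runtime rule set. Assumes firewall-cmd is on PATH and the
# script runs as root. FIREWALL_CMD can point at a stub command for testing.
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# port_listed ZONE PORT/PROTO: succeed only if the runtime rules for ZONE
# contain exactly PORT/PROTO (a substring match would confuse 80/tcp and 8080/tcp).
port_listed() {
    for p in $("$FIREWALL_CMD" --zone="$1" --list-ports); do
        [ "$p" = "$2" ] && return 0
    done
    return 1
}

# Accept only NUMBER/tcp or NUMBER/udp before touching the firewall at all.
valid_spec() {
    case $1 in
        [0-9]*/tcp|[0-9]*/udp) return 0 ;;
        *) echo "bad port spec '$1' (want e.g. 8080/tcp)" >&2; return 2 ;;
    esac
}

# open_port ZONE PORT/PROTO: --permanent alone only edits the saved config;
# --reload then replaces the runtime rules with the saved ones. A port that is
# listed after the reload is therefore one that will also survive a reboot.
open_port() {
    valid_spec "$2" || return 2
    "$FIREWALL_CMD" --permanent --zone="$1" --add-port="$2" >/dev/null || return 1
    "$FIREWALL_CMD" --reload >/dev/null || return 1
    port_listed "$1" "$2"
}

# close_port ZONE PORT/PROTO: the mirror image. firewall-cmd only warns
# (NOT_ENABLED) when the port was never open, so the final state is checked
# instead of the exit status of --remove-port; no separate runtime removal is
# needed because the reload drops anything absent from the permanent config.
close_port() {
    valid_spec "$2" || return 2
    "$FIREWALL_CMD" --permanent --zone="$1" --remove-port="$2" >/dev/null
    "$FIREWALL_CMD" --reload >/dev/null || return 1
    ! port_listed "$1" "$2"
}
```

Because --reload also discards any rule that was added to the running configuration without --permanent, these functions always write the saved configuration first and treat the post-reload listing as the only proof that the change took effect.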
