After you install Firewalld, the first thing you’ll likely want to do is open a port to connect with web applications on your Linux server. Only dhcpv6-client and SSH are enabled by default. However, opening ports with Firewalld is an easy process. The first reason for this is that the commands are straightforward and easy to remember.
The second reason is that Firewalld allows you to manage well-known ports as predefined “services” for a more human-readable configuration. For example, instead of using 443/tcp, you can simply use the https service. Since services are easier to read than numbers and protocols, it’s best to check if a port is listed as a service before using the port option.
Below we cover how to open a port in Firewalld and check open ports.
Open a Port in Firewalld
- Log into SSH.
- Check if the application port is defined as a service (e.g. IMAPS, Kerberos, MySQL):
  firewall-cmd --get-services
- If the service is listed, whitelist the service permanently in the current zone:
  sudo firewall-cmd --permanent --add-service=SERVICE
  If not, open the port permanently by specifying the port number and protocol (TCP or UDP):
  sudo firewall-cmd --permanent --add-port=1234/tcp
- Reload Firewalld to apply the changes:
  firewall-cmd --reload
Check Open Ports in Firewalld
After you whitelist ports and services, you should ensure your changes are accurate.
- List whitelisted services in Firewalld:
  sudo firewall-cmd --list-services
- List currently open ports in Firewalld:
  sudo firewall-cmd --list-ports
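The decision the steps above describe (use the predefined service name when one exists, otherwise PORT/PROTO), followed by the reload and the verification via --list-services / --list-ports, as an added POSIX sh script that is not part of the original article. FIREWALL_CMD is an assumed override so the selection logic can be exercised without root or a running firewalld.

```shell
#!/bin/sh
# Added example (not from the original article). Pick --add-service for a
# predefined firewalld service and --add-port for PORT/tcp or PORT/udp, then
# apply, reload and verify. FIREWALL_CMD is an assumed override for testing.
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# is_known_service SERVICES NAME: 0 if NAME is in the space-separated list
# SERVICES (the output format of `firewall-cmd --get-services`)
is_known_service() {
    for s in $1; do
        [ "$s" = "$2" ] && return 0
    done
    return 1
}

# build_rule SERVICES ENTRY: print the firewall-cmd option for ENTRY, which is
# either a service name (https) or PORT/PROTO (1234/tcp); return 1 on bad input
build_rule() {
    case "$2" in
        */tcp|*/udp)
            port="${2%/*}"
            case "$port" in
                ''|*[!0-9]*) echo "bad port in '$2'" >&2; return 1 ;;
            esac
            if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
                echo "port out of range in '$2'" >&2; return 1
            fi
            printf '%s\n' "--add-port=$2" ;;
        *)
            if is_known_service "$1" "$2"; then
                printf '%s\n' "--add-service=$2"
            else
                echo "'$2' is not a predefined service; use PORT/tcp or PORT/udp" >&2
                return 1
            fi ;;
    esac
}

# open_permanently ENTRY: whitelist ENTRY in the current zone, reload, and
# confirm it now appears in --list-services or --list-ports. Usage: open_permanently https
open_permanently() {
    services=$("$FIREWALL_CMD" --get-services) || return 1
    rule=$(build_rule "$services" "$1") || return 1
    sudo "$FIREWALL_CMD" --permanent "$rule" || return 1
    sudo "$FIREWALL_CMD" --reload || return 1
    case "$rule" in
        --add-service=*) sudo "$FIREWALL_CMD" --list-services ;;
        *) sudo "$FIREWALL_CMD" --list-ports ;;
    esac | grep -qw -- "$1" && echo "open: $1"
}
```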
source from https://www.inmotionhosting.com/support/security/how-to-open-a-port-in-firewalld/