One of the most common things I do on Linux machines is open ports to test software in a development environment. In the past, that meant trying to remember (and Googling) cryptic iptables commands. Now, CentOS 7 and Red Hat 7 include the nicer firewall-cmd tool to configure the firewall.
First, ensure the firewall-cmd service is running:
|
1 2 3 4 5 6 7 8 9 10 |
[root@localhost ~]# systemctl status firewalld firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled) Active: active (running) since Thu 2015-04-09 18:08:33 EDT; 2 months 3 days ago Main PID: 642 (firewalld) CGroup: /system.slice/firewalld.service └─642 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid Apr 09 18:08:33 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon. [root@localhost ~]# |
Now, the following command will open port 8080 for TCP traffic, for the current session only:
|
1 2 |
[root@localhost ~]# firewall-cmd --zone=public --add-port=8080/tcp success |
If you want to make the change persist across reboots, you can add the --permanent flag, and then do a --reload to make the change take effect in the current session.
|
1 2 3 4 |
[root@localhost ~]# firewall-cmd --zone=public --add-port=8080/tcp --permanent success [root@localhost ~]# firewall-cmd --reload success |
Now port 8080 should be open. To verify, you can run with --list-all and look at the list of ports:
|
1 2 3 4 5 6 7 8 9 10 |
[root@localhost ~]# firewall-cmd --zone=public --list-all public (default) interfaces: sources: services: dhcpv6-client ssh ports: 8080/tcp masquerade: no forward-ports: icmp-blocks: rich rules: |
If you want to remove port 8080, you would use the --remove-port flag, with the --permanent flag if you want to persist the change:
|
1 2 3 4 |
[root@localhost ~]# firewall-cmd --zone=public --remove-port=8080/tcp --permanent success [root@localhost ~]# firewall-cmd --reload success |
You can use --list-all again to verify that the port has been removed:
|
1 2 3 4 5 6 7 8 9 10 |
[root@localhost ~]# firewall-cmd --zone=public --list-all public (default) interfaces: sources: services: dhcpv6-client ssh ports: masquerade: no forward-ports: icmp-blocks: rich rules: |
This is a very quick introduction to firewall-cmd. There is much more to learn, but this is a quick, basic task that I find myself doing frequently.
For more reading, see:
- This article which gives a more thorough introduction
- Red Hat Security Guide
Related posts from Linux Brigade!
Download CentOS 7 Nightly Builds As the CentOS folks are working on releasing a final version of CentOS 7, you can get in on the action and download their nightly builds. We’re estimating (guessing? Based on previous […]
Untangle your network Whether you’re the admin of your office network or your home network (or both), it’s always a good idea to have security and order in place. Untangle is software that you can install as […]
Install CSF/LFD Firewall on your Linux Server The first thing on your mind when setting up a new Linux server (dedicated or VPS) is how you can increase security. One of the best tools in your bag of tricks should be the CSF […]
Turn off unneeded services on your Linux machine One of the easiest ways to start securing your server (and speeding it up) is to turn off unnecessary services that are usually running by default. This little script will go through and […]
Check, repair, optimize all databases with one command My server had some tables marked as ‘crashed’ in one of the databases.. the server had recently gone down pretty harshly so I wanted to go through and check, repair and optimize all of the […]
