Firewalld is a dynamic firewall manager that simplifies port management using predefined services or direct port specifications. If you’re setting up a web application or any service on your Linux server, you may need to open specific ports for traffic. Firewalld provides an easy way to do this through simple commands.
Step 1: Log into SSH
First, log into your server via SSH as the root user or a user with sudo privileges:
ssh root@your-server-ip
Step 2: Check if the Port is Defined as a Service
Before opening a port, it’s best to check if the service is already predefined in Firewalld. For example, HTTP (port 80) and HTTPS (port 443) are often listed as predefined services.
- To check if the service is available, use the following command:
firewall-cmd --get-services
Step 3: Open the Port or Service
Option 1: Open a Port Using a Predefined Service
If the service (e.g., HTTP, HTTPS, MySQL) is listed, you can open it easily by using the service name:
sudo firewall-cmd --permanent --add-service=SERVICE
For example, to open the HTTP service (port 80):
sudo firewall-cmd --permanent --add-service=http
Option 2: Open a Port by Port Number
If the service isn’t listed, you can open the port by specifying the port number and the protocol (TCP or UDP). Firewalld expects the protocol name in lowercase (tcp or udp):
sudo firewall-cmd --permanent --add-port=PORT_NUMBER/PROTOCOL
For example, to open port 1234 for TCP:
sudo firewall-cmd --permanent --add-port=1234/tcp
Step 4: Reload Firewalld to Apply Changes
After adding the necessary ports or services, reload Firewalld to apply the permanent changes:
sudo firewall-cmd --reload
This loads the permanent configuration into the running firewall and discards any runtime-only changes that were not saved with --permanent.
Step 5: Verify Open Ports and Services
To verify that the port or service was successfully opened, you can check the list of active services and open ports:
- List all whitelisted services:
sudo firewall-cmd --list-services
- List currently open ports:
sudo firewall-cmd --list-ports
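The steps above can be wrapped in a small script that rejects a malformed port specification before it reaches Firewalld and turns the Step 5 check into an audit against the ports and services you intended to expose. This is an added example, not part of the original article; the function names and the allowlist values are assumptions, and the sample output is constructed.

```sh
#!/bin/sh
# Added example, not from the original article. Function names and the
# allowlists are assumptions chosen for illustration.

# Return 0 if $1 is PORT/PROTO: a single port in 1-65535 and a lowercase
# protocol that firewalld accepts (tcp, udp, sctp, dccp). Ranges are not handled.
valid_port_spec() {
    port=${1%/*}
    proto=${1##*/}
    case $proto in tcp|udp|sctp|dccp) ;; *) return 1 ;; esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Print the entries of $2 (space-separated, as printed by --list-ports or
# --list-services) that are not in the space-separated allowlist $1.
unexpected_entries() {
    allowed=" $1 "
    extra=
    for entry in $2; do
        case $allowed in
            *" $entry "*) ;;
            *) extra="${extra:+$extra }$entry" ;;
        esac
    done
    printf '%s\n' "$extra"
}

# Steps 3 and 4: validate the spec, then open it permanently and reload.
open_port() {
    valid_port_spec "$1" || { echo "invalid port spec: $1" >&2; return 2; }
    sudo firewall-cmd --permanent --add-port="$1" && sudo firewall-cmd --reload
}

# Step 5 as an audit: print anything open that was not intended.
audit_host() {
    unexpected_entries "$ALLOWED_PORTS" "$(sudo firewall-cmd --list-ports)"
    unexpected_entries "$ALLOWED_SERVICES" "$(sudo firewall-cmd --list-services)"
}

ALLOWED_PORTS="1234/tcp"       # assumed: ports this host should expose
ALLOWED_SERVICES="ssh http"    # assumed: services this host should expose

# Constructed sample of --list-ports output; runs without firewalld installed.
unexpected_entries "$ALLOWED_PORTS" "1234/tcp 8080/tcp"   # prints 8080/tcp
```

On a server, call `audit_host` after the reload; any line it prints is a port or service that is open but not on your allowlist.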
By following these steps, you can easily manage port openings in Firewalld, ensuring that the necessary traffic can reach your server while keeping other ports secured.