Tuesday, November 25, 2014

Adding Allowed Ports for Firewalld

Fedora Linux, CentOS and Redhat Linux distributions have a firewall called Firewalld.This is a note on adding allowed TCP/UDP ports to the firewall.

  1. Add a port, for instance, add a TCP port 63221 to be allowed by the firewall.
      sudo firewall-cmd --zone=public --add-port=63221/tcp
    Firewalld has a few zones. The public is for accepting incoming connection on a given port from other computers, in the above example, on TCP port 63221, since you do not trust the other computers on networks not to harm your computer.

    Be aware that the addition of the port will be effective upon the completion of the above operation; however, it is not persistent, i.e., it will not survive from reloading firewall or rebooting the system. In next step, we will make the change persistent.
  2. Make the firewall rule change permanent. For instance, to add TCP port 63221 to the allowed list of ports, we do
      sudo firewall-cmd --permanent --zone=public --add-port=63221/tcp
    Be aware that in the above, the rule does not go into effective until Firewalld is reloaded or the system is rebooted. That is to say, without reloading Firewalld or rebooting the system, we will have to run both of the above two steps to make the firewall rule change effective and permanent.
To learn more about firewalld, you may consult the manual page of firewall-cmd and visit the Fedora Project Wiki.

No comments:

Post a Comment