You can add ports with the following commands (DNS, port 53):
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload
Allow the SMTP port (25):
firewall-cmd --permanent --add-port=25/tcp
firewall-cmd --permanent --add-port=25/udp
firewall-cmd --reload
Allow HTTP on port 8080:
firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --permanent --add-port=8080/udp
firewall-cmd --reload
You can add services with the following commands (permanent changes take effect after a reload):
firewall-cmd --permanent --add-service=ssh
firewall-cmd --permanent --add-service=telnet
firewall-cmd --permanent --add-service=smtp
firewall-cmd --permanent --add-service=snmp
You can print the whole firewalld configuration with the following command:
firewall-cmd --list-all
To see which services and ports are allowed:
firewall-cmd --list-services
firewall-cmd --list-ports
You can remove services with the following commands:
firewall-cmd --permanent --remove-service=ssh
firewall-cmd --permanent --remove-service=telnet
firewall-cmd --permanent --remove-service=dns
firewall-cmd --permanent --remove-service=dhcpv6-client
Check open ports from another server:
nmap -sT 113.21.228.1
--Stop, start, or check the status of firewalld
systemctl stop firewalld
systemctl start firewalld
systemctl status firewalld
--Prevent the firewalld service from starting automatically on system boot:
systemctl disable firewalld
Rich Rules:
--Add Rich Rule
firewall-cmd --permanent --zone=public --add-rich-rule 'rule family="ipv4" source address="113.21.229.224/27" port port="804" protocol="tcp" accept'
firewall-cmd --permanent --zone=public --add-rich-rule 'rule family="ipv6" source address="2400:f940::/32" port port="804" protocol="tcp" accept'
firewall-cmd --permanent --zone=public --add-rich-rule 'rule family="ipv4" source address="0.0.0.0/0" port port="804" protocol="tcp" reject'
firewall-cmd --permanent --zone=public --add-rich-rule 'rule family="ipv6" source address="::/0" port port="804" protocol="tcp" reject'
--Check Rich Rule
firewall-cmd --list-rich-rules
--Remove Rich Rule
firewall-cmd --permanent --zone=public --remove-rich-rule 'rule family="ipv4" source address="0.0.0.0/0" port port="804" protocol="tcp" reject'
firewall-cmd --permanent --zone=public --remove-rich-rule 'rule family="ipv6" source address="::/0" port port="804" protocol="tcp" reject'
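The following is an added example, not part of the original post: a check that reads `firewall-cmd --list-rich-rules` output and flags accept rules that a catch-all reject or drop rule on the same family, port and protocol would shadow. It assumes firewalld without rich-rule priorities (as on CentOS 7), where a zone's deny chain is evaluated before its allow chain; the function names and the sample input (built from the four rules above) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag accept rich rules that are
# shadowed by a catch-all reject/drop rule for the same family/port/protocol.
# Assumption: firewalld without rich-rule priorities (CentOS 7), where a zone's
# deny chain is evaluated before its allow chain.

# Constructed sample: the four rules from the post, in the format printed by
# `firewall-cmd --list-rich-rules`.
sample_rules() {
    cat <<'EOF'
rule family="ipv4" source address="113.21.229.224/27" port port="804" protocol="tcp" accept
rule family="ipv6" source address="2400:f940::/32" port port="804" protocol="tcp" accept
rule family="ipv4" source address="0.0.0.0/0" port port="804" protocol="tcp" reject
rule family="ipv6" source address="::/0" port port="804" protocol="tcp" reject
EOF
}

# Reads rich rules on stdin; prints each accept rule that a catch-all deny covers.
shadowed_accepts() {
    awk '
    # Return the quoted value of the first attribute matching regex re, or "".
    function field(line, re,    s) {
        if (!match(line, re)) return ""
        s = substr(line, RSTART, RLENGTH)
        gsub(/^[^"]*"|"$/, "", s)
        return s
    }
    {
        key = field($0, "family=\"[^\"]*\"") "/" field($0, "port port=\"[^\"]*\"") "/" field($0, "protocol=\"[^\"]*\"")
        src = field($0, "source address=\"[^\"]*\"")
        if ($0 ~ / accept$/) { accepts[++n] = $0; akey[n] = key }
        else if ($0 ~ / (reject|drop)( |$)/ &&
                 (src == "" || src == "0.0.0.0/0" || src == "::/0"))
            blocked[key] = 1
    }
    END {
        for (i = 1; i <= n; i++)
            if (akey[i] in blocked) print "SHADOWED: " accepts[i]
    }'
}

# On a live host: firewall-cmd --zone=public --list-rich-rules | shadowed_accepts
sample_rules | shadowed_accepts
```

With the two catch-all reject rules removed, as in the "Remove Rich Rule" step, the check prints nothing: port 804 is then reachable only from the two accepted source ranges, provided the port is not also opened with --add-port.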
Wednesday, 14 May 2025
firewall-cmd on Centos7