How to open ports on CentOS 7

Something I deal with pretty regularly is needing to open ports on a server, typically for HTTP, MySQL and various other services. In the past, iptables was used to handle this, but on more recent versions of CentOS and other Linux distros, FirewallD is the default.

Resisting my typical urge to keep using what I know, I've started using FirewallD for any new servers that I set up, but I can never seem to remember the commands I need to use, so I'm putting them here for my use, and for anybody else who may find this handy.

First, ensure that FirewallD is running and enabled on your server using systemctl enable firewalld and systemctl start firewalld.

Next, you need to create the rule for the port that you want to open:

firewall-cmd --zone=public --add-port=443/tcp --permanent

This command opens port 443 for TCP (change to udp if that's what you want) and adds the rule permanently (if you don't include --permanent, the rule exists only in the running configuration, and a reload or reboot will lose it).

Any time you make changes to the permanent firewall rules, you need to reload the rule set so that the changes take effect:

firewall-cmd --reload

And that should do it!
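An added example (not part of the original post): a small shell check that compares the running port list with the permanent one for a zone, which catches both a rule added without --permanent and a permanent rule that was never reloaded. The names port_drift, ports_missing and the FIREWALL_CMD variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent ports.
# FIREWALL_CMD is a hypothetical override so the command can be replaced
# by a test double; it defaults to the real firewall-cmd.
FIREWALL_CMD=${FIREWALL_CMD:-firewall-cmd}

# Print each entry of space-separated list $1 that is absent from list $2.
ports_missing() {
    for p in $1; do
        case " $2 " in
            *" $p "*) ;;                 # present in both lists
            *) printf '%s\n' "$p" ;;
        esac
    done
}

# port_drift ZONE
# Returns 0 when runtime and permanent agree, 1 on drift, 2 on query failure.
port_drift() {
    zone=$1
    runtime=$($FIREWALL_CMD --zone="$zone" --list-ports) || return 2
    permanent=$($FIREWALL_CMD --permanent --zone="$zone" --list-ports) || return 2
    drift=0
    for p in $(ports_missing "$runtime" "$permanent"); do
        echo "runtime-only: $p (added without --permanent, lost on reload or reboot)"
        drift=1
    done
    for p in $(ports_missing "$permanent" "$runtime"); do
        echo "permanent-only: $p (not active until firewall-cmd --reload)"
        drift=1
    done
    return $drift
}

# Usage, run as root on the server: port_drift public
```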

Other useful commands

firewall-cmd --list-all

Shows the configuration of the default zone, including all ports that have been opened

firewall-cmd --new-zone=office --permanent
firewall-cmd --reload
firewall-cmd --zone=office --add-source=1.2.3.4/32 --permanent
firewall-cmd --zone=office --add-port=4567/tcp --permanent
firewall-cmd --reload

Adds a new zone that allows connections only from a specific IP address to a specific port