
How To Add Port To Firewall Centos 7

Did you know that adding ports to the firewall in CentOS 7 is an essential step in securing your server and protecting it from unauthorized access? By configuring the firewall to allow specific ports, you can control the inbound and outbound network traffic, ensuring only the necessary services are accessible.

To add a port to the firewall in CentOS 7, you need to access the server with administrative privileges and use the firewall-cmd command-line tool. This powerful tool allows you to manipulate the firewall rules and define the port you want to open. By following a few simple steps, you can strengthen the security of your CentOS 7 server and safeguard your data.




Understanding Firewall and Ports in Centos 7

The firewall is a crucial element in ensuring the security of a server or computer system. It acts as a barrier between the network and the outside world, controlling the flow of incoming and outgoing traffic. In CentOS 7, the default firewall is called firewalld. It is a powerful and flexible tool that allows you to add, remove, or modify rules to control the traffic that can pass through the system based on predefined rules and settings.

Why Add a Port to the Firewall?

When setting up services or applications on a CentOS 7 system, you may need to add specific ports to the firewall configuration to allow incoming traffic. Each service or application usually runs on a specific port number, and without adding that port to the firewall, external systems will be unable to establish a connection to your system. Therefore, being able to add ports to the firewall in CentOS 7 is essential for ensuring the accessibility and functionality of the services or applications you are running.

Understanding Ports

In computer networking, a port is an endpoint through which data can be exchanged between different devices or services. Ports are identified by numbers, and each port is associated with a specific protocol or service. For instance, port 80 is associated with the HTTP protocol, which is used for serving web pages, while port 22 is associated with the SSH protocol, which is used for secure remote access.

Ports are divided into three ranges: well-known ports (0-1023), registered ports (1024-49151), and dynamic or private ports (49152-65535). Well-known ports are typically used by widely-used services or protocols, while registered ports are used by specific applications or services. Dynamic ports are not assigned to any specific service and can be used by applications as needed.

Types of Firewall Rules

In CentOS 7, the firewall rules are organized into zones, and each zone can have its own set of rules. Some of the common firewall rules that can be added to enable or disable ports are:

  • Allow: This rule allows traffic on a specified port or protocol.
  • Block: This rule blocks traffic on a specified port or protocol.
  • Reject: This rule drops the packets and sends a response to the sender that the packet was rejected.
  • Masquerade: This rule enables Network Address Translation (NAT) for outgoing traffic.

Adding a Port to the Firewall in CentOS 7

Adding a port to the firewall in CentOS 7 involves a few simple steps. Here's how you can do it:

Step 1: Open the Desired Firewall Port

To open a specific port on the firewall, you must first identify the zone to which the port belongs. Each zone has its own set of rules. The default zone in CentOS 7 is the 'public' zone.

Zone      Description
public    A network that is not trusted, typically used for public Wi-Fi
private   A network that is considered safe, typically used for home or office networks
work      A network that is considered safe, typically used for work networks
dmz       A network that is exposed to the internet, typically used for web servers or public-facing services

Once you have identified the zone, you can use the following command to add the port to the specific zone:

sudo firewall-cmd --zone=<zone> --add-port=<port>/<protocol> [--permanent]

Replace <zone> with the desired zone and <port>/<protocol> with the port and protocol you want to add. For example, to open port 80 for TCP traffic in the public zone, you would use the following command:

sudo firewall-cmd --zone=public --add-port=80/tcp

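The --permanent flag is optional and writes the rule to the permanent configuration, meaning it will persist across reboots. A rule added with --permanent takes effect only after the firewall is reloaded. If you omit this flag, the rule takes effect immediately but is only active until the next firewall reload or system reboot.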

Step 2: Reload the Firewall Configuration

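After adding the port to the permanent firewall configuration, you need to reload the firewall to apply the changes. A reload also discards rules that exist only in the runtime configuration, so add the port with --permanent first if it must survive the reload. Use the following command to reload the firewall: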

sudo firewall-cmd --reload

Step 3: Verify the Firewall Rules

To verify that the port has been successfully added to the firewall rules, you can use the following command:

sudo firewall-cmd --list-ports

This command will display a list of all the ports that are currently allowed by the firewall.

Step 4: Test the Port Accessibility

Lastly, you can test the accessibility of the port from an external system. You can use tools like telnet or nc (netcat) to establish a connection to the port. For example:

telnet <server-ip-address> <port>

If the port is open and accessible, you should see a successful connection message. If the port is closed or blocked, you will not be able to establish a connection.
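The four steps above leave two places where a port can be recorded: the runtime configuration and the permanent one. The following added example (not part of the original article) compares the two port lists and reports entries that would disappear at the next reload or that are not active yet. The function names port_drift and check_zone are hypothetical, and the sample lists are constructed.

```shell
#!/bin/sh
# Added example, not from the original article.

# port_drift RUNTIME PERMANENT
#   RUNTIME   = output of: firewall-cmd --zone=<zone> --list-ports
#   PERMANENT = output of: firewall-cmd --permanent --zone=<zone> --list-ports
# Prints one line per entry present in only one of the two lists and
# returns 1 if any difference exists, 0 if both configurations agree.
port_drift() {
    # Collapse any whitespace (including newlines) to single spaces.
    runtime=" $(printf '%s' "$1" | tr -s '[:space:]' ' ') "
    permanent=" $(printf '%s' "$2" | tr -s '[:space:]' ' ') "
    drift=0
    for p in $runtime; do
        case "$permanent" in
            *" $p "*) ;;
            *) echo "runtime-only $p"; drift=1 ;;    # gone after --reload or reboot
        esac
    done
    for p in $permanent; do
        case "$runtime" in
            *" $p "*) ;;
            *) echo "permanent-only $p"; drift=1 ;;  # inactive until --reload
        esac
    done
    return $drift
}

# check_zone ZONE (hypothetical wrapper): compare the live configurations.
check_zone() {
    port_drift "$(firewall-cmd --zone="$1" --list-ports)" \
               "$(firewall-cmd --permanent --zone="$1" --list-ports)"
}

# Constructed sample: 8080/tcp was added without --permanent, and 443/tcp
# was added with --permanent but the firewall has not been reloaded yet.
port_drift "80/tcp 8080/tcp" "80/tcp 443/tcp" || echo "drift detected"
```

On a live system, run check_zone public with administrative privileges; an empty result means the runtime and permanent port lists match.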

Exploring Additional Firewall Configuration in CentOS 7

In addition to adding ports to the firewall, CentOS 7 also provides a range of other firewall configuration options. Let's explore some of them:

Opening a Port Range

If you need to open a range of ports instead of a single port, you can use the following command:

sudo firewall-cmd --zone=<zone> --add-port=<start-port>-<end-port>/<protocol> [--permanent]

Replace <zone> with the desired zone and <start-port>-<end-port>/<protocol> with the starting and ending ports of the range and protocol you want to add. For example, to open ports 8000 to 9000 for TCP traffic in the public zone, you would use the following command:

sudo firewall-cmd --zone=public --add-port=8000-9000/tcp

Removing a Port from the Firewall

If you need to remove a port from the firewall configuration, you can use the following command:

sudo firewall-cmd --zone=<zone> --remove-port=<port>/<protocol> [--permanent]

Replace <zone> with the desired zone and <port>/<protocol> with the port and protocol you want to remove. For example, to remove port 80 for TCP traffic from the public zone, you would use the following command:

sudo firewall-cmd --zone=public --remove-port=80/tcp

Blocking Incoming Traffic

If you want to block incoming traffic from a specific IP address or CIDR range, bind that source to a zone that drops or rejects traffic, such as the drop zone. The --add-source option assigns a source to a zone, so traffic from that source is handled by that zone's rules. You can use the following command:

sudo firewall-cmd --zone=<zone> --add-source=<ip-address-or-cidr-range> [--permanent]

Replace <zone> with the blocking zone and <ip-address-or-cidr-range> with the IP address or CIDR range you want to block. For example, to block incoming traffic from the IP address 192.168.1.100 by binding it to the drop zone, you would use the following command:

sudo firewall-cmd --zone=drop --add-source=192.168.1.100

Viewing Active Firewall Rules

To view the currently active firewall rules and configuration, you can use the following command:

sudo firewall-cmd --list-all

This command will display detailed information about the active firewall zones, services, ports, and sources.
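As an added example (not part of the original article), the following script reads --list-all output and prints every open port entry that is not on an approved list, which is a quick way to review what a zone actually exposes. The function names, the approved list and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. The sample output and the
# approved-port list are constructed for illustration.

# zone_ports: read `firewall-cmd --list-all` output on stdin and print the
# entries of its "ports:" line, one per line. The pattern is anchored to the
# start of the field name so "forward-ports:" and "source-ports:" are skipped.
zone_ports() {
    sed -n 's/^[[:space:]]*ports:[[:space:]]*//p' | tr -s ' ' '\n'
}

# unapproved_ports APPROVED: print each open entry read from stdin that is
# not in the space-separated APPROVED list; return 1 if any was printed.
unapproved_ports() {
    approved=" $1 "
    found=0
    for p in $(zone_ports); do
        case "$approved" in
            *" $p "*) ;;
            *) echo "$p"; found=1 ;;
        esac
    done
    return $found
}

# Constructed sample in the layout that --list-all prints for one zone.
sample_list_all='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 80/tcp 8000-9000/tcp
  forward-ports:
  source-ports:
  rich rules:'

# Only 80/tcp and 443/tcp are approved here, so the range is reported.
printf '%s\n' "$sample_list_all" | unapproved_ports "80/tcp 443/tcp" \
    || echo "review the entries listed above"
```

On a live system, pipe the real output instead: sudo firewall-cmd --zone=public --list-all | unapproved_ports "80/tcp 443/tcp".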

By understanding these additional firewall configuration options in CentOS 7, you can have more control over the traffic that can pass through your system and enhance the security of your server or computer.

In conclusion, adding ports to the firewall in CentOS 7 is essential for allowing specific incoming traffic to reach your system. By following the steps outlined in this article, you can configure the firewall to allow connections to your desired ports, ensuring the accessibility and functionality of the services or applications running on your CentOS 7 system. Additionally, exploring other firewall configuration options provides you with the flexibility to customize the traffic rules according to your specific security requirements. By leveraging the power of firewalld in CentOS 7, you can enhance the security and control the network traffic on your system effectively.



Adding Ports to Firewall in CentOS 7

A firewall plays a crucial role in protecting your system from unauthorized access and potential threats. If you are using CentOS 7, you might need to add specific ports to the firewall to allow incoming and outgoing network traffic for certain applications or services. Here is a step-by-step guide to adding ports to the firewall in CentOS 7:

Using the Firewalld Service

1. Open the terminal on your CentOS 7 system.

2. Check if the Firewalld service is running by entering the command: sudo systemctl status firewalld.

3. If the Firewalld service is not running, start it by entering the command: sudo systemctl start firewalld.

4. To add a port, run the command: sudo firewall-cmd --permanent --add-port=[port_number]/[protocol].

Reloading Firewall Configuration

5. Once the port is added, reload the firewall configuration using the command: sudo firewall-cmd --reload.

6. Verify if the port is added successfully by running the command: sudo firewall-cmd --list-ports.

By following these steps, you can easily add ports to the firewall in CentOS 7, ensuring that your system remains secure while allowing necessary network connections.


Key Takeaways: How to Add Port to Firewall Centos 7

  • Adding a port to a firewall in CentOS 7 is essential for managing network security.
  • You can open a specific port by using the firewall-cmd command with the --add-port flag.
  • The syntax for adding a port is firewall-cmd --add-port=<port>/<protocol> [--permanent].
  • Replace <port> with the desired port number and <protocol> with either tcp or udp.
  • If you want the port to persist after a system reboot, add the --permanent option.

Frequently Asked Questions

In this section, we will address common questions related to adding ports to the firewall in CentOS 7.

1. How do I check if a specific port is open on my CentOS 7 firewall?

To check if a specific port is open on your CentOS 7 firewall, you can run the "firewall-cmd" command with the "--list-ports" option and filter its output for the port with grep. For example:

sudo firewall-cmd --list-ports | grep -w 80/tcp

This command prints the matching entry if port 80 is among the open ports on your firewall and prints nothing otherwise. The -w option keeps entries such as 8080/tcp from matching.

2. How can I add a port to the firewall in CentOS 7?

To add a port to the firewall in CentOS 7, you need to use the "firewall-cmd" command followed by the "add-port" option and the port number. Here is an example:

sudo firewall-cmd --add-port=8080/tcp

This command will add port 8080 to the firewall and enable incoming TCP traffic on that port.

3. Can I add a port with a specific protocol to the firewall?

Yes, you can add a port with a specific protocol to the firewall in CentOS 7. When using the "firewall-cmd" command to add a port, you specify the protocol after the port number, separated by a slash, and the "--permanent" option makes the rule persistent. For example:

sudo firewall-cmd --permanent --add-port=443/tcp

This command will add port 443 with the TCP protocol to the firewall permanently.

4. How do I remove a port from the firewall in CentOS 7?

To remove a port from the firewall in CentOS 7, you can use the "firewall-cmd" command followed by the "remove-port" option and the port number. Here is an example:

sudo firewall-cmd --remove-port=8080/tcp

This command will remove port 8080 from the firewall, effectively disabling incoming TCP traffic on that port.

5. Do I need to restart my CentOS 7 firewall after adding or removing ports?

No, you do not need to restart your CentOS 7 firewall after adding or removing ports. The changes you make using the "firewall-cmd" command are applied immediately.



Adding a port to the firewall in CentOS 7 is a straightforward process that can help improve security and control access to your system. By following the steps outlined in this guide, you can easily configure the appropriate firewall rules.

First, it is crucial to understand the specific port you want to add and the protocol it uses (TCP or UDP). Then, use the 'firewall-cmd' command to open the desired port and make it accessible. Remember to reload the firewall rules after adding the port.

