Getting started with Linux: Enable the port on CentOS or RHEL Firewall

Source: Internet
Author: User

Getting started with Linux: Enable the port on CentOS or RHEL Firewall

Q: I am running a web page or file server on CentOS and want to remotely access the server. Therefore, I need to change the firewall rules to allow access to a TCP port on the system. So, how can I enable the TCP/UDP port on the firewall of CentOS or RHEL system?

If you want to provide services on servers, such as CentOS or RHEL enterprise-level Linux distributions contain powerful built-in firewalls, their default firewall rules are very strict. Therefore, if you have installed any customized services (such as web servers, NFS, and Samba), their traffic may be blocked by firewall rules. Therefore, you need to enable necessary ports on the firewall to allow traffic to pass through.

In CentOS/RHEL 6 or earlier versions, iptables allows users to interact with the netfilter kernel module to configure firewall rules in user space. However, from CentOS/RHEL 7, a new user space interface called firewalld was introduced to replace the iptables service.

Use this command to view the current firewall rules:

$ sudo iptables -L 

Now, let's see how to modify the firewall on CentOS/RHEL to enable a port.

Enable port on CentOS/RHEL 7

After CentOS/RHEL 7 is started, firewall rule settings are managed by the firewalld service process by default. A command line client named firewall-cmd can communicate with this daemon to permanently modify firewall rules.

Use these commands to permanently open a new port (such as TCP/80 ).

$ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent$ sudo firewall-cmd --reload 

If the "-- permanent" flag is not used, firewall rules will become invalid after being restarted.

Enable port on CentOS/RHEL 6

In CentOS/RHEL 6 or later versions, the iptables service maintains firewall rules.

Use the first command of iptables to open a new TCP/UDP port through the firewall. In order to permanently Save the modified rules, the second command is required.

$ sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT$ sudo service iptables save 

Another method is to use a firewall client named system-config-firewall-tui as the command line user interface (TUI.

$ sudo system-config-firewall-tui

Select the Customize button in the middle and press ENTER.

To modify the firewall for any known service (such as a web server), you only need to check the service and disable the tool. If you want to enable any TCP/UDP port, select the "Forward" button and enter the next interface.

Select "Add" to Add a new rule.

Specify a port (such as 80), a port range (such as 3000-3030), and a protocol (such as tcp or udp ).

Finally, save the modified configuration and close the tool. In this way, the firewall is permanently saved.

Linux iptables firewall basic application tutorial

Configure network firewalls and user groups in CentOS-6.4-minimal

Linux Firewall iptables tutorial

Deployment of professional Web application firewall with Nginx + Naxsi

Linux Firewall iptables configuration

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.