Getting started with Linux: Enable the port on CentOS or RHEL Firewall
Q: I am running a web page or file server on CentOS and want to remotely access the server. Therefore, I need to change the firewall rules to allow access to a TCP port on the system. So, how can I enable a TCP/UDP port on the firewall of a CentOS or RHEL system?
Enterprise-level Linux distributions such as CentOS and RHEL ship with powerful built-in firewalls, and their default firewall rules are very strict. If you have installed any custom services (such as a web server, NFS, or Samba), their traffic may therefore be blocked by the firewall rules, and you need to enable the necessary ports on the firewall to allow that traffic to pass through.
In CentOS/RHEL 6 or earlier versions, iptables allows users to interact with the netfilter kernel module to configure firewall rules in user space. However, from CentOS/RHEL 7, a new user space interface called firewalld was introduced to replace the iptables service.
Use this command to view the current firewall rules:
$ sudo iptables -L
Now, let's see how to modify the firewall on CentOS/RHEL to enable a port.
Enable port on CentOS/RHEL 7
Starting with CentOS/RHEL 7, firewall rule settings are managed by the firewalld service daemon by default. A command line client named firewall-cmd communicates with this daemon to permanently modify firewall rules.
Use these commands to permanently open a new port (such as TCP/80).
$ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
$ sudo firewall-cmd --reload
If the "--permanent" flag is not used, the firewall rule will not persist after a restart.
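The difference between the runtime and the permanent rule set can be checked after a change. The script below is an added example, not part of the original article: the function names valid_port_spec and port_state are hypothetical, and the two port lists are constructed samples standing in for the output of the firewall-cmd commands named in the comments.

```shell
# Added example. Classifies a port spec against firewalld's two rule sets.
# On a live host the two lists come from:
#   firewall-cmd --zone=public --list-ports               (runtime)
#   firewall-cmd --zone=public --permanent --list-ports   (permanent)

# valid_port_spec SPEC: succeeds for PORT/proto or LOW-HIGH/proto with
# proto tcp or udp (the protocols this page covers) and ports in 1-65535.
valid_port_spec() {
    case "$1" in
        */tcp|*/udp) ;;
        *) return 1 ;;
    esac
    ports=${1%/*}
    lo=${ports%-*}
    hi=${ports#*-}
    for n in "$lo" "$hi"; do
        case "$n" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$n" -ge 1 ] && [ "$n" -le 65535 ] || return 1
    done
    [ "$lo" -le "$hi" ]
}

# port_state SPEC RUNTIME_LIST PERMANENT_LIST: prints one of
#   persistent      open now and after a restart
#   runtime-only    open now, lost on restart (added without --permanent)
#   permanent-only  saved but not active yet (--reload not run)
#   closed | invalid
# Matching is on the exact spec string; range containment is not evaluated.
port_state() {
    valid_port_spec "$1" || { echo invalid; return 1; }
    in_rt=no; in_pm=no
    case " $2 " in *" $1 "*) in_rt=yes ;; esac
    case " $3 " in *" $1 "*) in_pm=yes ;; esac
    case "$in_rt/$in_pm" in
        yes/yes) echo persistent ;;
        yes/no)  echo runtime-only ;;
        no/yes)  echo permanent-only ;;
        *)       echo closed ;;
    esac
}

# Constructed sample lists standing in for the firewall-cmd output.
rt="80/tcp 443/tcp 3000-3030/udp"
pm="80/tcp 8080/tcp"
for spec in 80/tcp 443/tcp 8080/tcp 22/tcp 3000-3030/udp 99999/tcp; do
    printf '%-14s %s\n' "$spec" "$(port_state "$spec" "$rt" "$pm")"
done
```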
Enable port on CentOS/RHEL 6
In CentOS/RHEL 6 or earlier versions, the iptables service maintains firewall rules.
Use the first iptables command below to open a new TCP/UDP port through the firewall. To save the modified rules permanently, the second command is required.
$ sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
$ sudo service iptables save
Another method is to use a firewall client named system-config-firewall-tui, which provides a text-based user interface (TUI) on the command line.
$ sudo system-config-firewall-tui
Select the Customize button in the middle and press ENTER.
To modify the firewall for any well-known service (such as a web server), you only need to check the service and close the tool. If you want to enable any TCP/UDP port, select the "Forward" button to go to the next screen.
Select "Add" to add a new rule.
Specify a port (such as 80) or a port range (such as 3000-3030), and a protocol (such as tcp or udp).
Finally, save the modified configuration and close the tool. In this way, the firewall configuration is saved permanently.