How to open a port on a centos firewall

Source: Internet
Author: User
Tags centos iptables

If you want to provide services on the server, the enterprise-class Linux distributions, such as CentOS or RHEL, contain built-in powerful firewalls, and their default firewall rules are very stringent. Therefore, if you install any custom services (such as Web servers, NFS, and Samba), their traffic is likely to be blocked by firewall rules. So you need to open the necessary ports on the firewall to allow traffic to pass.

On Centos/rhel 6 or earlier, the Iptables service allows users to interact with the NetFilter kernel module to configure firewall rules in user space. However, starting with Centos/rhel 7, a new user space interface called FIREWALLD was introduced to replace the Iptables service.

Use this command to view the current firewall rules:

The code is as follows:

$ sudo iptables-l

Now, let's see how to modify the firewall on the Centos/rhel to open a port.

Open the port on Centos/rhel 7

After starting Centos/rhel 7, firewall rule settings are managed by the FIREWALLD service process by default. A command line client called Firewall-cmd supports and communicates with this daemon to permanently modify firewall rules.

Use these commands to permanently open a new port (such as TCP/80).

The code is as follows:

$ sudo firewall-cmd--zone=public--add-port=80/tcp--permanent

$ sudo firewall-cmd--reload

If you do not use the "--permanent" tag, the firewall rules will fail after reboot.

Open the port on Centos/rhel 6

On Centos/rhel 6 or earlier systems, the Iptables service is responsible for maintaining firewall rules.

Use the first command of Iptables to open a new TCP/UDP port through the firewall. To permanently save the modified rule, you need a second command.

The code is as follows:

$ sudo iptables-i input-p tcp-m tcp--dport 80-j ACCEPT

$ sudo service iptables save

Another approach is through a firewall client named System-config-firewall-tui, a command line user interface (TUI).

The code is as follows:

$ sudo system-config-firewall-tui

Select the "Customize" button located in the middle, and press the ENTER key.

If you want to modify a firewall for any known service, such as a Web server, simply tick the service and close the tool. If you want to open any TCP/UDP port, select the "Forward" button, and then go to the next interface.

Select the "Add" button to add a new rule.

Specify a port (such as 80) or a range of ports (such as 3000-3030) and protocols (such as TCP or UDP).

Finally, save the modified configuration and close the tool. In this way, the firewall is permanently preserved.

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

11.11 Big Sale for Cloud

Get Unbeatable Offers with up to 90% Off,Oct.24-Nov.13 (UTC+8)

Get It Now >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.