How to Open a Port in Firewalld

After you install Firewalld, the first thing you’ll likely want to do is open a port to connect with web applications on your Linux server. Only dhcp6-client and SSH are enabled by default. However, opening ports with Firewalld is an easy process. The first reason is that the commands are straightforward and easy to remember.

The second reason is that Firewalld allows you to manage well-known ports as predefined “services” for a more human-readable configuration. For example, instead of using 443/tcp, you can simply use the https service. Since services are easier to read than numbers and protocols, it’s best to check if a port is listed as a service before using the port option.

Below, we cover how to open a port in Firewalld and check open ports.

Open a Port in Firewalld

Log into SSH
Check if the application port is defined as a service (e.g. IMAPS, Kerberos, MySQL):
```
firewall-cmd -get-services
```
If the service is listed, whitelist the service permanently in the current zone:
```
sudo firewall-cmd --permanent --add-service=SERVICE
```
If not, open the port permanently by specifying the port number and protocol (TCP or UDP):
```
sudo firewall-cmd --permanent --add-port=1234/tcp
```
Reload Firewalld to apply changes:
```
firewall-cmd --reload
```
Reloading will remove –-runtime changes to apply the –permanent configuration.

Check Open Ports in Firewalld

After you whitelist ports and services, you should ensure your changes are accurate.

List whitelisted services in Firewalld:
```
sudo firewall-cmd --list-services
```
List currently open ports in Firewalld:
```
sudo firewall-cmd --list-ports
```

We recommend Certbot for creating and maintaining free Let’s Encrypt SSL certificates on non-cPanel cloud servers.

For more in-depth security configurations, check out our article covering Firewalld commands. To learn more about VPS security, check out these 24 ways to harden your Linux server.

Share this Article

Need More Help?