---
title: "How to Open a Port in Firewalld"
description: "After you install Firewalld, the first thing you'll likely want to do is open a port to connect with web applications on your Linux server. Only dhcp6-client and SSH are enabled by default. However,..."
url: https://www.inmotionhosting.com/support/security/how-to-open-a-port-in-firewalld/
date: 2020-06-10
modified: 2025-03-06
author: "InMotion Hosting Contributor"
image: https://www.inmotionhosting.com/support/wp-content/uploads/2020/06/open-port-firewalld.png
categories: ["Security"]
type: post
lang: en
---

# How to Open a Port in Firewalld

![How to Open a Port in Firewalld](https://www.inmotionhosting.com/support/wp-content/uploads/2020/06/open-port-firewalld-1024x538.png)

After you [install Firewalld](https://www.inmotionhosting.com/support/security/how-to-install-firewalld-on-linux/), the first thing you’ll likely want to do is open a port to connect with web applications on your Linux server. Only dhcp6-client and SSH are enabled by default. However, opening ports with Firewalld is an easy process. The first reason is that the commands are straightforward and easy to remember.

The second reason is that Firewalld allows you to manage well-known ports as predefined “services” for a more human-readable configuration. For example, instead of using `443/tcp`, you can simply use the `https` service. Since services are easier to read than numbers and protocols, it’s best to check if a port is listed as a service before using the port option.

Below, we cover how to [open a port in Firewalld](#open) and [check open ports](#check).

## Open a Port in Firewalld

1. [Log into SSH](https://www.inmotionhosting.com/support/server/ssh/how-to-login-ssh/)
2. Check if the application port is defined as a service (e.g. IMAPS, Kerberos, MySQL): firewall-cmd -get-services
3. If the service is listed, whitelist the service **permanently** in the current [zone](https://www.inmotionhosting.com/support/security/how-to-configure-firewalld-basic-commands/#zones): sudo firewall-cmd --permanent --add-service=SERVICEIf not, open the port **permanently** by specifying the port number and protocol (TCP or UDP): sudo firewall-cmd --permanent --add-port=1234/tcp
4. Reload Firewalld to apply changes:firewall-cmd --reloadReloading will remove [–-runtime changes](https://www.inmotionhosting.com/support/website/security/how-to-configure-firewalld-basic-commands/#runtime) to apply the –permanent configuration.

## Check Open Ports in Firewalld

After you whitelist ports and services, you should ensure your changes are accurate.

1. List whitelisted services in Firewalld:sudo firewall-cmd --list-services
2. List currently open ports in Firewalld:sudo firewall-cmd --list-ports

We recommend [Certbot](https://www.inmotionhosting.com/support/website/ssl/lets-encrypt-ssl-ubuntu-with-certbot/) for creating and maintaining free Let’s Encrypt SSL certificates on non-cPanel cloud servers.

For more in-depth security configurations, check out our article covering [Firewalld commands](https://www.inmotionhosting.com/support/security/how-to-configure-firewalld-basic-commands/). To learn more about VPS security, check out these [24 ways to harden your Linux server](https://www.inmotionhosting.com/support/product-guides/vps-hosting/ways-to-harden-your-vps-hosting/).
