After you install Firewalld, the first thing you’ll likely want to do is open a port so that web applications on your Linux server can accept connections. Only the dhcpv6-client and ssh services are enabled by default. Opening ports with Firewalld is an easy process, for two reasons. The first is that the commands are straightforward and easy to remember.
The second reason is that Firewalld lets you manage well-known ports as predefined “services” for a more human-readable configuration. For example, instead of specifying the port and protocol (443/tcp), you can simply use the https service. Since service names are easier to read than numbers and protocols, it’s best to check whether a port is listed as a service before falling back to the port option.
Below we cover how to open a port in Firewalld and check open ports.
Open a Port in Firewalld
- Log into SSH
- Check if the application port is defined as a service (e.g. IMAPS, Kerberos, MySQL).
- If the service is listed, whitelist the service permanently in the current zone:
  sudo firewall-cmd --permanent --add-service=SERVICE
  If not, open the port permanently by specifying the port number and protocol (TCP or UDP):
  sudo firewall-cmd --permanent --add-port=1234/tcp
- Reload Firewalld to apply the changes. Reloading discards runtime-only changes and loads the --permanent configuration, so anything you added without --permanent is lost at this point.
Check Open Ports in Firewalld
After you whitelist ports and services, verify that the changes actually took effect in the running configuration.
- List whitelisted services in Firewalld:
sudo firewall-cmd --list-services
- List currently open ports in Firewalld:
sudo firewall-cmd --list-ports
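The open-and-verify workflow from the two sections above, as an added example that is not part of the original article. The decision logic (use --add-service when the name is a predefined service, otherwise --add-port with PORT/PROTO) and the post-reload check are written as functions that take command output as arguments, so they can be exercised on the constructed samples below without root; only open_in_firewalld actually invokes firewall-cmd.

```shell
#!/bin/sh
# Added example, not the article's own code. Constructed samples stand in for
# `firewall-cmd --get-services`, `--list-services` and `--list-ports` output.
SAMPLE_SERVICES="dhcpv6-client http https imaps kerberos mysql ssh"
SAMPLE_LIST_SERVICES="dhcpv6-client https ssh"
SAMPLE_LIST_PORTS="1234/tcp"

# in_list WORD "w1 w2 ..." -> 0 if WORD is one of the space-separated words
in_list() {
  for w in $2; do
    [ "$w" = "$1" ] && return 0
  done
  return 1
}

# add_arg NAME_OR_PORT AVAILABLE_SERVICES
# Prints --add-service=NAME when NAME is a predefined service; otherwise the
# argument must look like 1234/tcp or 1234/udp and --add-port=... is printed.
add_arg() {
  if in_list "$1" "$2"; then
    printf '%s\n' "--add-service=$1"
    return 0
  fi
  case "$1" in
    */tcp|*/udp) printf '%s\n' "--add-port=$1" ;;
    *) printf 'error: %s is neither a known service nor PORT/PROTO\n' "$1" >&2
       return 1 ;;
  esac
}

# verify_open WANTED LISTED_SERVICES LISTED_PORTS -> 0 if WANTED is active
verify_open() {
  in_list "$1" "$2" || in_list "$1" "$3"
}

# open_in_firewalld NAME_OR_PORT: permanent change, reload (drops runtime-only
# changes), then confirm the entry shows up in the reloaded zone.
open_in_firewalld() {
  arg=$(add_arg "$1" "$(sudo firewall-cmd --get-services)") || return 1
  sudo firewall-cmd --permanent "$arg" || return 1
  sudo firewall-cmd --reload || return 1
  verify_open "$1" "$(sudo firewall-cmd --list-services)" \
                   "$(sudo firewall-cmd --list-ports)"
}
```

Run it as `open_in_firewalld https` or `open_in_firewalld 1234/tcp`; a non-zero exit after the reload means the entry is not in the active zone and should be investigated before assuming the port is open.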
For more in-depth security configurations, check out our article covering Firewalld commands. To learn more about VPS security, check out these 24 ways to harden your Linux server.