How to Open a Port in Firewalld

After you install Firewalld, the first thing you’ll likely want to do is open a port to connect with web applications on your Linux server. Only dhcp6-client and SSH are enabled by default. However, opening ports with Firewalld is an easy process. The first reason for this is the commands are straight-forward and easy to remember.

The second reason is that Firewalld allows you to manage well-known ports as predefined “services” for a more human-readable configuration. For example, instead of using 443/tcp, you can simply use the https service. Since services are easier to read than numbers and protocols, it’s best to check if a port is listed as a service before using the port option.

Below we cover how to open a port in Firewalld and check open ports.

Upgrade to VPS Hosting for Peak Performance

Upgrade to InMotion VPS Hosting today for top-notch performance, security, and flexibility, and save up to $2,493 – a faster, stronger hosting solution is just a click away!

check markDedicated Resources check markNVMe SSD Storage check markHigh-Availability check markIronclad Security check markPremium Support

VPS Hosting Plans

Open a Port in Firewalld

  1. Log into SSH
  2. Check if the application port is defined as a service (e.g. IMAPS, Kerberos, MySQL):
    firewall-cmd -get-services
  3. If the service is listed, whitelist the service permanently in the current zone:
    sudo firewall-cmd --permanent --add-service=SERVICE

    If not, open the port permanently by specifying the port number and protocol (TCP or UDP):
    sudo firewall-cmd --permanent --add-port=1234/tcp
  4. Reload Firewalld to apply changes:
    firewall-cmd --reload

    Reloading will remove –-runtime changes to apply the –permanent configuration.

Check Open Ports in Firewalld

After you whitelist ports and services, you should ensure your changes are accurate.

  1. List whitelisted services in Firewalld:
    sudo firewall-cmd --list-services
  2. List currently open ports in Firewalld:
    sudo firewall-cmd --list-ports

We recommend Certbot for creating and maintaining free Let’s Encrypt SSL certificates on non-cPanel cloud servers.

For more in-depth security configurations, check out our article covering Firewalld commands. To learn more about VPS security, check out these 24 ways to harden your Linux server.

InMotion Hosting Contributor
InMotion Hosting Contributor Content Writer

InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!

More Articles by InMotion Hosting

Was this article helpful? Join the conversation!