fbpx
15007474154_bef75d8c72_z

How to Open firewall port on CentOS 7

CentOS (RHEL) 7, has changed the firewall to use firewall-cmd which has a notion of zones which is like a Windows version of Public, Home, and Private networks. You should look here to figure out which one you think you should use. EL7 uses public by default, so that is what my examples below use.

You can check which zone you are using with firewall-cmd --list-all and change it with firewall-cmd --set-default-zone=<zone>.

You will then know what zone to allow a service (or port) on:

firewall-cmd --permanent --zone=<zone> --add-service=http

firewall-cmd --permanent --zone=<zone> --add-port=80/tcp

You can check if the port has actually be opened by running:

firewall-cmd --zone=<zone> --query-port=80/tcp

firewall-cmd --zone=<zone> --query-service=http

According to the documentation,

You can reload the firewall settings with: firewall-cmd --reload.

Alternative Solution 1:

Use this command to find your active zone(s):

firewall-cmd --get-active-zones

It will say either public, DMZ, or something else. You should only apply to the zones required.

In the case of public try:

firewall-cmd --zone=public --add-port=2888/tcp --permanent

Then remember to reload the firewall for changes to take effect.

firewall-cmd --reload

Otherwise, substitute public for your zone, for example, if your zone is DMZ:

firewall-cmd --zone=dmz --add-port=2888/tcp --permanent

if not work it is also useful to know that you can use:

firewall-cmd --permanent --zone=public --add-port=2888/tcp 

but if is a known service, you can use:

firewall-cmd --permanent --zone=public --add-service=http 

and then reload the firewall

firewall-cmd --reload

If you are familiar with iptables service like in centos 6 or earlier, you can still use iptables service by manual installation:

step 1 => install epel repo

yum install epel-release

step 2 => install iptables service

yum install iptables-services

step 3 => stop firewalld service

systemctl stop firewalld

step 4 => disable firewalld service on startup

systemctl disable firewalld

step 5 => start iptables service

systemctl start iptables

step 6 => enable iptables on startup

systemctl enable iptables

finally, you’re now can editing your iptables config at /etc/sysconfig/iptables.

So -> edit rule -> reload/restart.

do like older centos with the same function as a firewall.