Posted on June 11, 2019 by Team CodeForHost
How to Open firewall port on CentOS 7
CentOS (RHEL) 7, has changed the firewall to use firewall-cmd
which has a notion of zones which is like a Windows version of Public, Home, and Private networks. You should look here to figure out which one you think you should use. EL7 uses public
by default, so that is what my examples below use.
You can check which zone you are using with firewall-cmd --list-all
and change it with firewall-cmd --set-default-zone=<zone>
.
You will then know what zone to allow a service (or port) on:
firewall-cmd --permanent --zone=<zone> --add-service=http
firewall-cmd --permanent --zone=<zone> --add-port=80/tcp
You can check if the port has actually be opened by running:
firewall-cmd --zone=<zone> --query-port=80/tcp
firewall-cmd --zone=<zone> --query-service=http
According to the documentation,
You can reload the firewall settings with: firewall-cmd --reload
.
Alternative Solution 1:
Use this command to find your active zone(s):
firewall-cmd --get-active-zones
It will say either public, DMZ, or something else. You should only apply to the zones required.
In the case of public try:
firewall-cmd --zone=public --add-port=2888/tcp --permanent
Then remember to reload the firewall for changes to take effect.
firewall-cmd --reload
Otherwise, substitute public for your zone, for example, if your zone is DMZ:
firewall-cmd --zone=dmz --add-port=2888/tcp --permanent
if not work it is also useful to know that you can use:
firewall-cmd --permanent --zone=public --add-port=2888/tcp
but if is a known service, you can use:
firewall-cmd --permanent --zone=public --add-service=http
and then reload the firewall
firewall-cmd --reload
If you are familiar with iptables service like in centos 6 or earlier, you can still use iptables service by manual installation:
step 1 => install epel repo
yum install epel-release
step 2 => install iptables service
yum install iptables-services
step 3 => stop firewalld service
systemctl stop firewalld
step 4 => disable firewalld service on startup
systemctl disable firewalld
step 5 => start iptables service
systemctl start iptables
step 6 => enable iptables on startup
systemctl enable iptables
finally, you’re now can editing your iptables config at /etc/sysconfig/iptables.
So -> edit rule -> reload/restart.
do like older centos with the same function as a firewall.