`firewalld` is a dynamic firewall management tool in Linux that provides a flexible way to manage network traffic. You can easily add or remove ports and services to control the flow of traffic to and from your server. Below are examples showing how to add a port and a service using `firewalld`.

 

  1. Adding a Port to `firewalld`

 

Sometimes you need to allow traffic on a specific port, such as when setting up a new service or application that listens on a custom port.

 

Example: Allowing Port 8080

 

sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent

 

– Explanation:

  – `--zone=public`: Specifies the zone where the rule applies. The `public` zone is the default for most systems.

  – `--add-port=8080/tcp`: Opens port 8080 for TCP traffic. Replace `tcp` with `udp` if you’re dealing with UDP traffic.

  – `--permanent`: Writes the rule to the permanent configuration so that it persists after a system reboot. The rule takes effect once `firewalld` is reloaded.

 

Reload `firewalld` to Apply the Changes:

 

sudo firewall-cmd --reload

 

Verify the Port is Open:

 

sudo firewall-cmd --zone=public --query-port=8080/tcp

 

If the port is successfully added, the command will return `yes`.

 

  2. Adding a Service to `firewalld`

 

Services in `firewalld` are predefined sets of rules that correspond to well-known protocols, such as HTTP, HTTPS, or SSH. Adding a service allows traffic for all ports associated with that service.

 

Example: Allowing the HTTP Service

 

sudo firewall-cmd --zone=public --add-service=http --permanent

 

– Explanation:

  – `--add-service=http`: Opens ports associated with the HTTP service, typically port 80.

  – `--permanent`: Ensures the change persists across reboots.

 

Reload `firewalld` to Apply the Changes:

 

sudo firewall-cmd --reload

 

Verify the Service is Enabled:

 

sudo firewall-cmd --zone=public --query-service=http

 

If the service is successfully added, the command will return `yes`.

 

  3. Temporary vs. Permanent Rules

 

– Temporary Rules: If you omit the `--permanent` flag, the rule is temporary: it takes effect immediately but will be lost after a reboot or a `firewalld` reload. Temporary rules are useful for testing purposes.

– Permanent Rules: Adding the `--permanent` flag ensures that the rule is saved and applied automatically after reboots.
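
Because the two rule sets are stored separately, a rule can be active but unsaved, or saved but not yet active. The script below is an added example, not part of the original post: it compares the lists printed by `firewall-cmd --list-ports` and `firewall-cmd --permanent --list-ports` (and the `--list-services` equivalents) and reports entries present in only one of them. The function names `in_list`, `drift` and `audit_zone` and the sample port lists are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report drift between firewalld's
# runtime and permanent rule sets. Function names are illustrative assumptions.

# in_list ITEM LIST: succeed if ITEM is a whole entry of the space-separated LIST.
in_list() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# drift RUNTIME PERMANENT: each argument is a list as printed by
# `firewall-cmd --list-ports` or `--list-services`. Prints one line per entry
# that appears in only one of the two lists:
#   runtime-only X    active now, gone after a reload or reboot
#   permanent-only X  saved, but not active until `firewall-cmd --reload`
drift() {
    rt=$(echo $1)   # unquoted on purpose: collapse whitespace to single spaces
    pm=$(echo $2)
    for entry in $rt; do
        in_list "$entry" "$pm" || printf 'runtime-only %s\n' "$entry"
    done
    for entry in $pm; do
        in_list "$entry" "$rt" || printf 'permanent-only %s\n' "$entry"
    done
}

# audit_zone [ZONE]: run the comparison against a live firewalld (needs root).
audit_zone() {
    zone=${1:-public}
    for kind in ports services; do
        runtime=$(firewall-cmd --zone="$zone" --list-"$kind") || return 1
        permanent=$(firewall-cmd --permanent --zone="$zone" --list-"$kind") || return 1
        drift "$runtime" "$permanent" | sed "s/^/$kind /"
    done
}

# Constructed sample data: 8080/tcp was added without --permanent, and
# 8443/tcp was added with --permanent but firewalld has not been reloaded.
sample_runtime="8080/tcp 9090/tcp"
sample_permanent="9090/tcp 8443/tcp"
drift "$sample_runtime" "$sample_permanent"
```

On a host running `firewalld`, `audit_zone public` prints nothing when the runtime and permanent configurations match.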

 

  4. Removing a Port or Service

 

To remove a port or service, use the `--remove-port` or `--remove-service` option, respectively.

 

Example: Removing Port 8080

 

sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent

sudo firewall-cmd --reload

Example: Removing the HTTP Service

 

sudo firewall-cmd --zone=public --remove-service=http --permanent

sudo firewall-cmd --reload

Using `firewalld`, you can easily manage the security of your Linux system by adding or removing ports and services. Whether you’re configuring a server for the first time or adjusting settings for a new application, `firewalld` offers the flexibility and control you need to secure your environment.

 

About the Author: Vladislav Antoseac
