In Fedora/CentOS/RedHat, the firewall is on by default. This is a good secure-by-default practice. If you do not know that the firewall is on, though, you may wonder why a web service that is listening on your machine works fine locally but cannot be reached by external connections.
This example will demonstrate how to open inbound ports and also check which ports, services, and zones are available on your machine.
Show current rules
Some rules may have been added as ports or as services.
firewall-cmd --list-all
firewall-cmd --list-ports
firewall-cmd --list-services
Before adding a rule, you need to know which zone you are adding it to. You can list all the zones with the following command.
In most common cases, you want to use the public zone or FedoraServer to allow or block traffic to the machine from other IPs.
Add a service/port
Note the difference between
Services can be defined in
firewall-cmd --add-port=8009/tcp --permanent
firewall-cmd --reload
Without the --permanent flag, the rule will not persist after reboot.
You may want to specify the zone. Usually omitting it and leaving it to the default is what you want.
firewall-cmd --add-port=8009/tcp --permanent --zone=public
Remove a service/port
To remove a port, follow a similar process but call
Be sure to reload also.
firewall-cmd --remove-port=8009/tcp --permanent
firewall-cmd --reload
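The add and remove steps above both rely on --permanent followed by --reload, so the running firewall and the saved configuration can disagree when one of the two is skipped. The following added example (not from the original article) compares the output of firewall-cmd --list-ports with firewall-cmd --permanent --list-ports for the default zone; the function names and the sample port lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: report drift between runtime and permanent firewalld ports.
# Inputs are the space-separated lists printed by
#   firewall-cmd --list-ports               (running firewall)
#   firewall-cmd --permanent --list-ports   (saved configuration)

# norm LIST: collapse all whitespace and pad with one space on each side,
# so " 80/tcp " can never match inside " 8080/tcp ".
norm() { printf ' %s ' "$*" | tr -s '[:space:]' ' '; }

# port_drift RUNTIME PERMANENT
# Prints one line per mismatch:
#   runtime-only <port/proto>    open now, lost on reload or reboot
#   permanent-only <port/proto>  saved, not active until --reload
port_drift() (
    runtime=$(norm "$1")
    permanent=$(norm "$2")
    for p in $1; do
        case "$permanent" in
            *" $p "*) ;;
            *) echo "runtime-only $p" ;;
        esac
    done
    for p in $2; do
        case "$runtime" in
            *" $p "*) ;;
            *) echo "permanent-only $p" ;;
        esac
    done
)

# Constructed sample values (not taken from a real host):
# 8080/tcp was added without --permanent; 8009/tcp was added with
# --permanent but firewall-cmd --reload has not been run yet.
SAMPLE_RUNTIME="443/tcp 8080/tcp"
SAMPLE_PERMANENT="443/tcp 8009/tcp"

if command -v firewall-cmd >/dev/null 2>&1; then
    # Live check against the default zone.
    port_drift "$(firewall-cmd --list-ports)" \
               "$(firewall-cmd --permanent --list-ports)"
else
    # No firewalld on this machine: run on the constructed sample.
    port_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```

An empty result means the running firewall matches what will be loaded after the next reload or reboot.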
After reading this, you should understand how to open inbound ports on firewalld in Linux using