firewall-cmd - firewalld command line client
Open 123 UDP port (ntp service)
[tuyendq@rhel1 ~]$ sudo firewall-cmd --zone=public --add-port=123/udp --permanent
[tuyendq@rhel1 ~]$ sudo firewall-cmd --reload
[tuyendq@rhel1 ~]$ sudo firewall-cmd --zone=public --list-all
RHEL: using firewall-cmd to open firewall port - 123/udp (ntp service)
Synchronize time with ntp service: time-b.practicehabits.net
Check firewalld status
sudo firewall-cmd --state
Check open ports in 'public' zone
sudo firewall-cmd --zone=public --list-ports
Add and remove ports in 'public' zone (runtime only; add --permanent and run --reload to persist)
sudo firewall-cmd --zone=public --add-port=3000-3001/tcp
sudo firewall-cmd --zone=public --remove-port=3000-3001/tcp
Open zabbix agent port 10050/tcp
# firewall-cmd --zone=public --add-port=10050/tcp
Open 21 TCP port (ftp service)
[tuyendq@rhel1 ~]$ sudo firewall-cmd --zone=public --add-port=21/tcp --permanent
success
[tuyendq@rhel1 ~]$ sudo firewall-cmd --reload
success
[tuyendq@rhel1 ~]$ sudo firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: ssh dhcpv6-client
  ports: 110/tcp 25/tcp 1352/tcp 80/tcp 443/tcp 993/tcp 995/tcp 465/tcp 143/tcp 80/udp 123/udp 8080/tcp 8443/tcp 3000/tcp 10050/tcp 21/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
firewall-cmd cheatsheet
firewall-cmd --state : Check firewalld state
firewall-cmd --list-all
firewall-cmd --get-zones : List all zones
firewall-cmd --get-active-zones : Get active zones
firewall-cmd --zone=public --add-port=80/tcp
/var/log/firewalld : firewalld log file
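
Some commands above change only the runtime configuration (no --permanent), while --permanent changes are not active until --reload, so the two sets can drift apart. The following is an added example, not part of the original page, that reports ports present in one set but not the other; the helper name port_drift and the sample port lists are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report firewalld ports that exist
# only in the runtime or only in the permanent configuration of a zone.

# port_drift RUNTIME PERMANENT   (hypothetical helper name)
# Each argument is a space-separated port list as printed by --list-ports.
# Output, one line per mismatch:
#   runtime-only PORT    open now, lost on --reload or reboot
#   permanent-only PORT  saved, not active until --reload
port_drift() {
    # One port per line, de-duplicated; LC_ALL=C keeps the order stable.
    rt=$(printf '%s\n' $1 | LC_ALL=C sort -u)
    pm=$(printf '%s\n' $2 | LC_ALL=C sort -u)
    for p in $rt; do
        printf '%s\n' "$pm" | grep -qxF -- "$p" || echo "runtime-only $p"
    done
    for p in $pm; do
        printf '%s\n' "$rt" | grep -qxF -- "$p" || echo "permanent-only $p"
    done
}

# Constructed sample lists (not captured from a real host).
SAMPLE_RUNTIME="123/udp 21/tcp 3000-3001/tcp 10050/tcp"
SAMPLE_PERMANENT="123/udp 21/tcp 8080/tcp"
port_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"

# On a live host, feed it the two real lists:
#   port_drift "$(sudo firewall-cmd --zone=public --list-ports)" \
#              "$(sudo firewall-cmd --permanent --zone=public --list-ports)"
```

Empty output means the runtime and permanent port lists for the zone match.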