The Geek Diary

How to Add or Remove Ports when firewalld is Disabled

by admin

You may need to add or remove ports while firewalld is disabled. In that case, use “firewall-offline-cmd”, the offline command-line client of the firewalld daemon. It can add or remove a port when firewalld is not active.

Note: Use firewall-offline-cmd to add or remove ports only when firewalld is disabled.

Verify firewalld status

Before proceeding, make sure that firewalld is inactive (dead).

# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

The output above shows that firewalld is inactive (dead).

Adding Port to the Default Zone

1. The syntax to add a port with firewall-offline-cmd is:

# firewall-offline-cmd --port=[port]:tcp

2. Now let's add port 9988:

# firewall-offline-cmd --port=9988:tcp
Adding port '9988/tcp' to default zone.
success

If you do not provide a zone name, the port is added to the “default” zone.

3. To verify the port addition:

# firewall-offline-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: ssh dhcpv6-client
  ports: 9988/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

Adding Port to a Specific Zone

1. The syntax to add a port in a specific zone is:

# firewall-offline-cmd --zone=[zone-name] --add-port=[port]/tcp

2. For example, to add port 9988 to the zone “myzone”:

# firewall-offline-cmd --zone=myzone --add-port=9988/tcp
success

Here the port 9988/tcp is added to the “myzone” zone.

3. To verify the port addition:

# firewall-offline-cmd --zone=myzone --list-all
myzone
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: 
  ports: 9988/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

Removing the Port

1. To remove a port from the default zone:

# firewall-offline-cmd --remove-port=[port]/tcp

2. To remove it from a specific zone:

# firewall-offline-cmd --zone=[zone-name] --remove-port=[port]/tcp

3. To verify the port removal, use the following commands:

For default zone:

# firewall-offline-cmd --list-all

For a specific zone (myzone):

# firewall-offline-cmd --zone=myzone --list-all

To learn more about the firewall-offline-cmd command, refer to its man page:

$ man firewall-offline-cmd
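
The steps above (confirm firewalld is inactive, add or remove the port, then verify) combined into one guarded script, as an added example that is not part of the original article. The function names valid_port_spec and offline_port and the two override variables are assumptions made for this example; it uses the --add-port, --remove-port and --query-port options with the port/protocol form.

```shell
#!/bin/sh
# Added example: guarded wrapper around firewall-offline-cmd.
# valid_port_spec and offline_port are hypothetical helper names.

# Both commands can be overridden (e.g. with stubs when testing).
FW_OFFLINE_CMD=${FW_OFFLINE_CMD:-firewall-offline-cmd}
SYSTEMCTL=${SYSTEMCTL:-systemctl}

# Accept only portid[-portid]/protocol, ports 1-65535, low <= high.
# The colon form (9988:tcp) is rejected here on purpose.
valid_port_spec() {
    case $1 in */tcp|*/udp|*/sctp|*/dccp) ;; *) return 1 ;; esac
    _ports=${1%/*}
    _lo=${_ports%%-*}
    _hi=${_ports#*-}            # same as _ports when no range is given
    for _p in "$_lo" "$_hi"; do
        case $_p in ''|*[!0-9]*|0*|??????*) return 1 ;; esac
        [ "$_p" -le 65535 ] || return 1
    done
    [ "$_lo" -le "$_hi" ]
}

# Usage: offline_port add|remove <port/proto> [zone]
# Returns 0 ok, 2 bad arguments, 3 firewalld active, 4 change not verified.
offline_port() {
    _action=$1 _spec=$2 _zone=${3:-}
    case $_action in add|remove) ;; *) return 2 ;; esac
    valid_port_spec "$_spec" || return 2

    # The offline client is only for a stopped daemon, as the note says.
    if "$SYSTEMCTL" is-active --quiet firewalld; then
        echo "firewalld is active: use firewall-cmd instead" >&2
        return 3
    fi

    set --                      # optional --zone argument; empty = default zone
    [ -n "$_zone" ] && set -- "--zone=$_zone"
    "$FW_OFFLINE_CMD" "$@" "--${_action}-port=$_spec" >/dev/null || return 4

    # --query-port exits 0 only when the port is present in the zone.
    if "$FW_OFFLINE_CMD" "$@" "--query-port=$_spec" >/dev/null; then
        [ "$_action" = add ] || return 4
    else
        [ "$_action" = remove ] || return 4
    fi
}
```

Source the file as root and call, for example, offline_port add 9988/tcp myzone; a non-zero return code tells you which check failed.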

© 2022 · The Geek Diary