The Geek Diary
How to add Source, Services and Ports to Firewall Zone in CentOS/RHEL 7 and 8

by admin

Inbound connections to a port are rejected or dropped by firewalld unless a service, port or source that matches them has been added to the zone that handles the traffic. This post outlines the steps to add sources, services and ports to a firewalld zone on CentOS/RHEL 7 and 8 systems.

Adding Service to Firewall Zone

Adding a predefined service to a zone is the simplest way to configure the firewall, because the service definition (in /usr/lib/firewalld/services/) already carries the ports and protocols the service needs.

– To allow access to a new service, use the "--add-service" option.
– Include the "--permanent" option to make the rule persistent across reboots. A "--permanent" change is written to the zone file under /etc/firewalld/zones/ but does not alter the running firewall until "firewall-cmd --reload" (or the next start of firewalld). Without "--permanent", the change takes effect immediately in the runtime configuration but is lost at the next reload or reboot. If you have tested a change at runtime and want to keep it, "firewall-cmd --runtime-to-permanent" copies the runtime configuration into the permanent one.

For example, to add the cockpit, dhcpv6-client, http, https, vnc-server and ssh services to the internal zone, you would use the following commands:

# firewall-cmd --add-service cockpit --zone=internal --permanent
# firewall-cmd --add-service dhcpv6-client --zone=internal --permanent
# firewall-cmd --add-service http --zone=internal --permanent
# firewall-cmd --add-service https --zone=internal --permanent
# firewall-cmd --add-service vnc-server --zone=internal --permanent
# firewall-cmd --add-service ssh --zone=internal --permanent

Manage incoming traffic to a zone based on the traffic source

Binding a source to a zone makes firewalld handle all traffic from that source with the zone's rules. The source can be a single IPv4 or IPv6 address, a network in CIDR notation (for example 10.1.2.0/24), a MAC address, or an ipset ("ipset:name"). Zone selection by source takes precedence over zone selection by interface, so traffic from a bound source is handled by this zone no matter which interface it arrives on. To bind the address 10.1.2.3 to the internal zone permanently, use the following command:

# firewall-cmd --add-source=10.1.2.3 --zone=internal --permanent

Manage Network Traffic

– Traffic for the services enabled in a zone is accepted on the ports defined by those services, so a service does not need its ports opened separately.
– Ports for which no service definition exists must be opened explicitly. Use the "--add-port" option and specify the port number and the associated protocol in the format port-number/protocol; a range is written as first-last/protocol (for example 5900-5903/tcp).
– The protocol can be tcp, udp, sctp, or dccp.
– Make sure the protocol matches the actual network traffic; opening 53/tcp does nothing for DNS queries that arrive over UDP.
– Keep in mind that a port opened explicitly stays open even if a service covering the same port is later removed. In the example below, 443/tcp and 80/tcp are already covered by the https and http services, so "--remove-service=https" alone would not close 443/tcp while the explicit port entry remains.
– For example, to add ports 1522, 7001, 5901, 443 and 80 over tcp and port 53 over udp, you would use the following command:

# firewall-cmd --zone=internal --add-port=1522/tcp --add-port=7001/tcp --add-port=5901/tcp --add-port=443/tcp --add-port=80/tcp --add-port=53/udp --permanent

Reload the Configuration

After all of the changes have been made, reload the configuration so that the current permanent configuration becomes the new runtime configuration. "--reload" keeps existing connection state, but it discards any runtime change that was made without "--permanent" and never copied to the permanent configuration.

# firewall-cmd --reload

List Zone Configuration

To list everything added to or enabled in the "internal" zone, use the following command. In the listing below, "target: default" means that traffic matching none of the listed sources, services and ports is rejected, and "interfaces:" is empty, so the only thing steering traffic into this zone is the source binding: a client other than 10.1.2.3 is handled by the zone of the interface it arrives on (the default zone, normally public, unless the interface was assigned elsewhere).

# firewall-cmd --list-all --zone=internal
internal
  target: default
  icmp-block-inversion: no
  interfaces:
  sources: 10.1.2.3
  services: cockpit dhcpv6-client http https ssh vnc-server
  ports: 1522/tcp 7001/tcp 5901/tcp 443/tcp 80/tcp 53/udp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
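The whole procedure above, as an added example that is not part of the original post: a POSIX sh wrapper that validates every zone name, service name, source and port specification before it touches the permanent configuration, emits the firewall-cmd calls in the order shown in the post (printing them in dry-run mode, so it can be exercised on a host without firewalld), and parses "firewall-cmd --list-all" output afterwards to confirm that the zone is reached only through the bound source. The function names, the whitelist used for zone and service names, and the embedded listing are the example's own assumptions, not firewalld's API.

```sh
#!/bin/sh
# Added example, not code from the original post. Wraps the firewall-cmd
# steps above: validate everything, then apply --permanent changes, then
# reload. DRY_RUN=1 (the default) prints each command instead of running
# it, so the script can be exercised on a host without firewalld.
set -f                       # no pathname expansion on unquoted word lists
DRY_RUN=${DRY_RUN:-1}

# Conservative whitelist for zone and service names (an assumption of this
# example; firewalld's own rules for names are not restated here).
valid_name() {
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

# PORT/PROTO or START-END/PROTO, PROTO in tcp|udp|sctp|dccp, ports 1..65535:
# the format --add-port accepts.
valid_port_spec() {
    spec=$1; proto=${spec##*/}; pr=${spec%/*}
    [ "$proto" != "$spec" ] || return 1          # no '/' at all
    case "$proto" in tcp|udp|sctp|dccp) ;; *) return 1 ;; esac
    case "$pr" in
        *-*) lo=${pr%%-*}; hi=${pr#*-} ;;
        *)   lo=$pr; hi=$pr ;;
    esac
    for n in "$lo" "$hi"; do
        case "$n" in ''|*[!0-9]*) return 1 ;; esac
        [ "$n" -ge 1 ] && [ "$n" -le 65535 ] || return 1
    done
    [ "$lo" -le "$hi" ]
}

# Dotted-quad IPv4 address with an optional /0-32 prefix length.
valid_ipv4_source() {
    ip=$1; plen=32
    case "$ip" in */*) plen=${ip#*/}; ip=${ip%%/*} ;; esac
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    case "$ip" in ''|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Print the command in dry-run mode, execute it otherwise.
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# configure_zone ZONE "svc ..." "src ..." "port ..."
# Fails before emitting anything if any argument is malformed, so a typo
# cannot leave a half-applied permanent configuration behind.
configure_zone() {
    zone=$1; services=$2; sources=$3; ports=$4
    valid_name "$zone" || { echo "bad zone: $zone" >&2; return 1; }
    for s in $services; do
        valid_name "$s" || { echo "bad service: $s" >&2; return 1; }
    done
    for a in $sources; do
        valid_ipv4_source "$a" || { echo "bad source: $a" >&2; return 1; }
    done
    for p in $ports; do
        valid_port_spec "$p" || { echo "bad port spec: $p" >&2; return 1; }
    done
    for s in $services; do run firewall-cmd --permanent --zone="$zone" --add-service="$s"; done
    for a in $sources; do run firewall-cmd --permanent --zone="$zone" --add-source="$a"; done
    for p in $ports; do run firewall-cmd --permanent --zone="$zone" --add-port="$p"; done
    run firewall-cmd --reload   # permanent configuration becomes runtime
}

# Audit helpers for "firewall-cmd --list-all --zone=ZONE" output.
zone_field() { sed -n "s/^[[:space:]]*$1:[[:space:]]*//p"; }  # zone_field NAME <listing
has_word()   { case " $1 " in *" $2 "*) return 0 ;; esac; return 1; }

# Constructed sample, copied from the listing shown in the post.
SAMPLE_LISTING='internal
  target: default
  interfaces:
  sources: 10.1.2.3
  services: cockpit dhcpv6-client http https ssh vnc-server
  ports: 1522/tcp 7001/tcp 5901/tcp 443/tcp 80/tcp 53/udp'

# zone_reached_only_by_source LISTING SOURCE: succeeds iff the zone has no
# interface binding and SOURCE is bound to it, i.e. nothing but traffic
# from SOURCE is steered into the zone.
zone_reached_only_by_source() {
    [ -z "$(printf '%s\n' "$1" | zone_field interfaces)" ] &&
    has_word "$(printf '%s\n' "$1" | zone_field sources)" "$2"
}

configure_zone internal "cockpit dhcpv6-client http https vnc-server ssh" \
    10.1.2.3 "1522/tcp 7001/tcp 5901/tcp 443/tcp 80/tcp 53/udp"
zone_reached_only_by_source "$SAMPLE_LISTING" 10.1.2.3 &&
    echo "internal zone is reached only via source 10.1.2.3"
```

Run it as-is to see the six --permanent commands and the reload printed in order; set DRY_RUN=0 on a firewalld host to execute them. To audit a live system instead of the embedded sample, pipe the real output of "firewall-cmd --list-all --zone=internal" into zone_field.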

© 2022 · The Geek Diary