How to add Source, Services and Ports to Firewall Zone in CentOS/RHEL 7 and 8

by admin

Access to certain ports is blocked or dropped by firewalld unless they are added to a firewall zone. This post outlines the steps to add sources, services, and ports to firewall zones on CentOS/RHEL 7 and 8 systems.

Adding Service to Firewall Zone

Adding a service to a zone is the simplest way to configure the firewall.

– To allow access to a new service, use the --add-service option.
– Include the --permanent option to make the rule persistent across reboots.

For example, to add the cockpit, dhcpv6-client, http, https, vnc-server and ssh services to the internal zone, you would use the following commands:

# firewall-cmd --add-service cockpit --zone=internal --permanent
# firewall-cmd --add-service dhcpv6-client --zone=internal --permanent
# firewall-cmd --add-service http --zone=internal --permanent
# firewall-cmd --add-service https --zone=internal --permanent
# firewall-cmd --add-service vnc-server --zone=internal --permanent
# firewall-cmd --add-service ssh --zone=internal --permanent

Manage incoming traffic to a zone based on the traffic source

To allow incoming traffic from a sending node, use the following command:

# firewall-cmd --add-source=10.1.2.3 --zone=internal --permanent

Manage Network Traffic

– Network traffic through the zone’s services uses the ports of those services.
– Ports must be opened to accept traffic; you can open additional ports for network access by specifying the port number and the associated protocol.
– Use the --add-port option to allow access to specific ports. Ports must be specified in the format port-number/port-type.
– Port types can be tcp, udp, sctp, or dccp.
– Ensure that the port type matches the protocol of the network traffic you expect.
– For example, to add ports 1522, 7001, 5901, 443, and 80 over tcp and port 53 over udp, you would use the following command:

# firewall-cmd --zone=internal --add-port=1522/tcp --add-port=7001/tcp --add-port=5901/tcp --add-port=443/tcp --add-port=80/tcp --add-port=53/udp --permanent

Reload the Configuration

After all of the changes have been made, reload the configuration so that the current permanent configuration will become the new runtime configuration.

# firewall-cmd --reload

List Zone Configuration

To list everything added for or enabled in the “internal” zone, use the following command:

# firewall-cmd --list-all --zone=internal
internal
  target: default
  icmp-block-inversion: no
  interfaces:
  sources: 10.1.2.3
  services: cockpit dhcpv6-client http https ssh vnc-server
  ports: 1522/tcp 7001/tcp 5901/tcp 443/tcp 80/tcp 53/udp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
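The port-format rule above (port-number/port-type with tcp, udp, sctp or dccp) and the --list-all check are easy to script. The following POSIX sh snippet is an added example, not part of the original post: it validates port specs before they reach firewall-cmd and verifies a zone listing against what was requested. The listing is a constructed copy of the output shown above; firewall-cmd itself is never invoked, and the function names are the example's own.

```shell
#!/bin/sh
# Added example: validate firewalld port specs and check a zone's --list-all
# output for the sources/services/ports that were requested. The listing
# below is constructed from the post's sample; firewall-cmd is not run.

# A port spec must be port-number/port-type with type tcp, udp, sctp or dccp.
valid_port_spec() {
    spec=$1; port=${spec%%/*}; proto=${spec#*/}
    case $spec in */*) ;; *) return 1 ;; esac
    case $proto in tcp|udp|sctp|dccp) ;; *) return 1 ;; esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Print the permanent firewall-cmd line for a zone and a list of port specs;
# fail on the first invalid spec so nothing half-applied reaches the firewall.
build_port_cmd() {
    zone=$1; shift
    cmd="firewall-cmd --zone=$zone"
    for spec in "$@"; do
        valid_port_spec "$spec" || { echo "invalid port spec: $spec" >&2; return 1; }
        cmd="$cmd --add-port=$spec"
    done
    echo "$cmd --permanent"
}

# Extract one field (sources, services, ports, ...) from --list-all output.
zone_field() {
    printf '%s\n' "$2" | sed -n "s/^  $1: *//p"
}

# Succeed only if every requested item is present in the given zone field.
zone_has_all() {
    field=$1; listing=$2; shift 2
    have=" $(zone_field "$field" "$listing") "
    for want in "$@"; do
        case $have in *" $want "*) ;; *) echo "missing $field: $want" >&2; return 1 ;; esac
    done
}

# Constructed sample of 'firewall-cmd --list-all --zone=internal' output.
SAMPLE_LISTING='internal
  target: default
  sources: 10.1.2.3
  services: cockpit dhcpv6-client http https ssh vnc-server
  ports: 1522/tcp 7001/tcp 5901/tcp 443/tcp 80/tcp 53/udp
  rich rules:'
build_port_cmd internal 1522/tcp 7001/tcp 5901/tcp 443/tcp 80/tcp 53/udp
zone_has_all ports "$SAMPLE_LISTING" 1522/tcp 53/udp && echo "ports verified"
```

On a real host, replace SAMPLE_LISTING with `$(firewall-cmd --list-all --zone=internal)` after the reload to confirm the runtime zone matches the permanent configuration you applied.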

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright