FirewallD is a firewall management solution for most of the Linux distributions. You can directly allow/deny ports using the service name with Firewalld. When used services name to allow/deny, it uses /etc/services file to find corresponding port of the service. This tutorial help you to open port for HTTP (80) and HTTPS (443) services via the firewall-cmd command line.
Allow HTTP/s in Firewalld
You can allow and deny incoming traffic based on predefined services in firewalld. You can find the complete list of services in /etc/services file.
Let’s allow HTTP and HTTPS service via the firewalld.
firewall-cmd --zone=public --add-service=http firewall-cmd --zone=public --add-service=https
The above rules will be removed after system reboot. Use the --permanent option to add rules permanent in firewalld.
firewall-cmd --permanent --zone=public --add-service=http firewall-cmd --permanent --zone=public --add-service=https
Next, run the following command to apply the changes:
firewall-cmd --reload
Check Allowed Services
You can find the list of added services with the following command:
firewall-cmd --permanent --zone=public --list-services
You should see the results like:
cockpit dhcpv6-client http https ssh
Disable Services from Firewalld
If you want to remove/deny the above services from the firewalld, use the --remove-service option:
firewall-cmd --permanent --zone=public --remove-service=http firewall-cmd --permanent --zone=public --remove-service=ftp
Next, run the following command to apply the changes:
firewall-cmd --reload
Conclusion
In this tutorial, you have learned to allow/deny services in firewalld via command line.
Leave a Reply