Menu
How to Open Specific Port in FirewallD

How to Open Specific Port in FirewallD

Written by , Updated on July 24, 2020

Firewalld is a firewall management solution used by the most of modern Linux distributions. In this tutorial you will learn how to open ports in firewalld. This tutorial describe you to open a port for public, specific IP or IP range in firewalld. Find our previous article about installation and uses of Firewalld on Linux system.

In this tutorial, all the commands are written for MySQL port 3306. You can use the same command for any other ports as per your requirements.

Allow Port for All Traffic

Use the following commands to allow incoming traffic on port 3306 to all traffic coming from public network.

firewall-cmd --zone=public --add-port=3306/tcp

To add rule for permanent use --permanent option with command.

firewall-cmd --permanent --zone=public --add-port=3306/tcp

Allow Port for Specific IP

You can also restrict access on any port based on source address. To open port access based on source address needed to add firewall rich rule.

Run the below command to allow access for port 4567 to 192.168.0.0/24 network.

firewall-cmd --permanent --zone=public --add-rich-rule='
  rule family="ipv4"
  source address="192.168.0.0/24"
  port protocol="tcp" port="3306" accept'

Reload the firewall rules to apply changes.

firewall-cmd --reload

Verify Rules

After adding the rules in firewalld, You can verify the by the running following command.

firewall-cmd --list-all

Output:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="192.168.0.0/24" port port="3306" protocol="tcp" accept

The last line of output shows the rich rules added the firewalld.

Remove Rules from Firewalld

If you don’t need to keep the ports open, you can remove/deny the above ports from the firewalld using the –remove-port option:

firewall-cmd --permanent --zone=public --remove-port=3306/tcp

Next, run the following command to apply the changes:

firewall-cmd --reload

Conclusion

In this tutorial, you have learned to open port access to all traffic or specific IP address/network using firewalld on Linux operating systems.

Rahul
Rahul
Connect on Facebook Connect on Twitter

I, Rahul Kumar am the founder and chief editor of TecAdmin.net. I am a Red Hat Certified Engineer (RHCE) and working as an IT professional since 2009..

Leave a Reply

© 2013-2020 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy