How to open the access port on the firewall of CentOS


Enterprise Linux distributions such as CentOS and RHEL contain a powerful built-in firewall, and its default rules are very strict. Therefore, if you install any custom services on the server (such as a web server, NFS or Samba), their traffic is likely to be blocked by the firewall rules. To provide those services, you need to open the necessary ports on the firewall to allow the traffic to pass through.
On CentOS / RHEL 6 or earlier, the iptables service lets users interact with the Netfilter kernel module to configure firewall rules from user space. Starting with CentOS / RHEL 7, however, a new user-space interface called firewalld was introduced to replace the iptables service.

Use this command to view the current firewall rules:

$ sudo iptables -L

Now, let’s see how to modify the firewall on CentOS / RHEL to open a port.

Open port on CentOS / RHEL 7

Starting with CentOS / RHEL 7, firewall rule settings are managed by the firewalld service process by default. A command-line client called firewall-cmd communicates with this daemon to modify firewall rules permanently.

Use these commands to permanently open a new port (such as TCP / 80).

$ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
$ sudo firewall-cmd --reload

If the “--permanent” flag is not used, the firewall rule will not survive a restart.
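
Because a rule can exist in only the runtime or only the permanent configuration, it is worth comparing the two after a change. The script below is an added example, not part of the original article: it compares the two port lists in the format printed by `firewall-cmd --list-ports`. The function names and sample lists are constructed for illustration, and `check_zone` assumes firewall-cmd is installed.

```shell
#!/bin/sh
# Added example (not from the original article): report ports that differ
# between firewalld's runtime and permanent configuration.

# port_drift RUNTIME PERMANENT
# Each argument is a whitespace-separated port list in the form printed by
# `firewall-cmd --list-ports`, for example "80/tcp 3000-3030/udp".
# Prints "runtime-only PORT" for rules that are active now but not saved,
# and "permanent-only PORT" for saved rules that are not active yet.
port_drift() {
    runtime=$(echo $1)      # unquoted on purpose: collapse spaces and newlines
    permanent=$(echo $2)
    for p in $runtime; do
        case " $permanent " in
            *" $p "*) ;;
            *) echo "runtime-only $p" ;;
        esac
    done
    for p in $permanent; do
        case " $runtime " in
            *" $p "*) ;;
            *) echo "permanent-only $p" ;;
        esac
    done
}

# check_zone [ZONE]: run the comparison against the live daemon.
# Assumes firewall-cmd is installed and the caller may query firewalld.
check_zone() {
    zone=${1:-public}
    port_drift "$(firewall-cmd --zone="$zone" --list-ports)" \
               "$(firewall-cmd --permanent --zone="$zone" --list-ports)"
}

# Constructed sample lists (not taken from a real host), so this runs offline.
SAMPLE_RUNTIME="80/tcp 8080/tcp 3000-3030/udp"
SAMPLE_PERMANENT="80/tcp 443/tcp 3000-3030/udp"
port_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
```

On a real host, run `check_zone public` with sufficient privileges; no output means the runtime and permanent port lists match.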

Open port on CentOS / RHEL 6

On CentOS / RHEL 6 and earlier systems, the iptables service is responsible for maintaining firewall rules.

The first iptables command below opens a new TCP / UDP port through the firewall. To preserve the modified rules permanently, the second command is needed.

$ sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
$ sudo service iptables save

Another way is to use a firewall client called system-config-firewall-tui.

$ sudo system-config-firewall-tui

Select the “Customize” button in the middle and press Enter.

If you want to modify the firewall for any known service, such as a web server, just check the service and close the tool. If you want to open any TCP / UDP port, select the “Forward” button to go to the next screen.

Select the Add button to add a new rule.

Specify a port (such as 80) or port range (such as 3000-3030) and protocol (such as TCP or UDP).

Finally, save the modified configuration and close the tool. In this way, the firewall rules are saved permanently.