    Open Firewall Ports on CentOS 7 and RHEL 7

    IT Discussion
    centos linux rhel centos 7 rhel 7 firewalld firewall security firewall-cmd
    scottalanmiller (last edited by scottalanmiller)

      CentOS 7 and RHEL 7 versions of Linux now use the firewall-cmd command to open firewall ports. In a default installation, we just need to add the "ports" that we need to the default zone and reload. In the example below we will do this for the two common web ports: 80 and 443. The default zone is "public" but can be set to anything, of course.

      firewall-cmd --zone=public --add-port=80/tcp --permanent
      firewall-cmd --zone=public --add-port=443/tcp --permanent
      firewall-cmd --reload
      

      If you forget to use --permanent then the change will not persist through a reboot.

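      An added example, not from the original post or from anyone in this thread, that turns the three commands above into something you can run and then check. The script opens each port in both the permanent configuration (the zone XML under /etc/firewalld) and the running ruleset, so the port is open immediately and still open after a reboot, and it does not need a --reload at all. That matters because --reload re-reads the permanent files and throws away any other runtime-only change someone made on the host. The FIREWALL_CMD variable is an assumption of the example so that the functions can be exercised against a stub rather than the real binary; the verify step relies on --query-port exiting 0 for "yes" and 1 for "no".

```sh
#!/bin/sh
# Added example, not from the original post: open ports in a firewalld zone in
# both the running and the permanent configuration, then verify both.
# FIREWALL_CMD is an assumed override so the functions can be exercised
# against a stub instead of the real firewall-cmd binary.
set -eu

FWCMD="${FIREWALL_CMD:-firewall-cmd}"

# open_ports ZONE PORT/PROTO...
# --permanent only edits /etc/firewalld/zones/ZONE.xml; the running ruleset is
# untouched until a --reload. Without --permanent the port opens immediately
# but is gone after a reload or reboot. Doing both gets the port open now and
# keeps it, without a --reload that would also drop any other runtime-only
# changes on the host.
open_ports() {
  local zone="$1" p
  shift
  for p in "$@"; do
    "$FWCMD" --zone="$zone" --add-port="$p" --permanent >/dev/null
    "$FWCMD" --zone="$zone" --add-port="$p" >/dev/null
  done
}

# verify_ports ZONE PORT/PROTO...
# Succeeds only if every port is present in both configurations; --query-port
# exits 0 for "yes" and 1 for "no", so its status is usable directly.
verify_ports() {
  local zone="$1" p rc=0
  shift
  for p in "$@"; do
    "$FWCMD" --zone="$zone" --query-port="$p" >/dev/null 2>&1 \
      || { echo "runtime config lacks $p in zone $zone" >&2; rc=1; }
    "$FWCMD" --zone="$zone" --query-port="$p" --permanent >/dev/null 2>&1 \
      || { echo "permanent config lacks $p in zone $zone" >&2; rc=1; }
  done
  return "$rc"
}

# Usage: sudo sh open-ports.sh public 80/tcp 443/tcp
if [ $# -gt 1 ]; then
  zone="$1"
  shift
  open_ports "$zone" "$@"
  verify_ports "$zone" "$@"
fi
```

      If you have already made the change at runtime and want to keep it, firewalld builds that have it offer `firewall-cmd --runtime-to-permanent` for the reverse direction; the verify function above is the quick way to confirm the two configurations actually agree before you walk away from the box.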
      JaredBusch @scottalanmiller

        @scottalanmiller said in Open Firewall Ports on CentOS 7 and RHEL 7:

        CentOS 7 and RHEL 7 versions of Linux now use the firewall-cmd command to open firewall ports. In a default installation, we just need to add the "ports" that we need to the default zone and reload. In the example below we will do this for the two common web ports: 80 and 443. The default zone is "public" but can be set to anything, of course.

        firewall-cmd --zone=public --add-port=80/tcp --permanent
        firewall-cmd --zone=public --add-port=443/tcp --permanent
        firewall-cmd --reload
        

        If you forget to use --permanent then the change will not persist through a reload operation.

        I thought permanent is to survive a reboot or service restart, not a reload.

        stacksofplates @JaredBusch

          @JaredBusch said in Open Firewall Ports on CentOS 7 and RHEL 7:

          I thought permanent, is to survive a reboot or service restart, not a reload.

          Correct. However, it won't take effect until you do a reload or restart if you use --permanent.

          JaredBusch @stacksofplates

            @stacksofplates said in Open Firewall Ports on CentOS 7 and RHEL 7:

            @JaredBusch said in Open Firewall Ports on CentOS 7 and RHEL 7:

            @scottalanmiller said in Open Firewall Ports on CentOS 7 and RHEL 7:

            CentOS 7 and RHEL 7 versions of Linux now use the firewall-cmd command to open firewall ports. In a default installation, we just need to add the "ports" that we need to the default zone and reload. In the example below we will do this for the two common web ports: 80 and 443. The default zone is "public" but can be set to anything, of course.

            firewall-cmd --zone=public --add-port=80/tcp --permanent
            firewall-cmd --zone=public --add-port=443/tcp --permanent
            firewall-cmd --reload
            

            If you forget to use --permanent then the change will not persist through a reload operation.

            I thought permanent, is to survive a reboot or service restart, not a reload.

            Correct. However it won't take effect until you do a reload or restart if you use --permanent.

            Ok, at least I was not going crazy. @scottalanmiller's last sentence needs to be changed.

            scottalanmiller @JaredBusch

              @JaredBusch fixed

            coliver

                Did anyone ever figure out if there was a way to set up files for firewalld? Or were the XML service files the way to go?

              scottalanmiller @coliver

                  @coliver said in Open Firewall Ports on CentOS 7 and RHEL 7:

                  Did anyone ever figure out if there was a way to set up files for firewalld? Or were the XML service files the way to go?

                  XML I think.

                coliver @scottalanmiller

                    @scottalanmiller said in Open Firewall Ports on CentOS 7 and RHEL 7:

                    XML I think.

                    That's what I was afraid of. We're using IPTables on all of our OEL7 servers right now but I think moving to the default firewalld may be a good idea. I'll have to look into the XML config and see how much more difficult, if at all, it is over the IPTables file. It's a shame we can't just copy a single file around anymore but the XML files probably won't be too much more difficult.

                  stacksofplates @coliver

                      @coliver said in Open Firewall Ports on CentOS 7 and RHEL 7:

                      That's what I was afraid of. We're using IPTables on all of our OEL7 servers right now but I think moving to the default firewalld may be a good idea. I'll have to look into the XML config and see how much more difficult, if at all, it is over the IPTables file. It's a shame we can't just copy a single file around anymore but the XML files probably won't be too much more difficult.

                      Ya it's not bad at all. Here's the config from my Identity Management server. It's pretty similar to /etc/sysconfig/system-config-firewall on RHEL 6, just in zone specific XML files.

                      <?xml version="1.0" encoding="utf-8"?>
                      <!-- /etc/firewalld/zones/public.xml (a copy here overrides the shipped /usr/lib/firewalld/zones/public.xml) -->
                      <zone>
                        <short>Public</short>
                        <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
                        <!-- each name must match a services/NAME.xml under /etc/firewalld or /usr/lib/firewalld -->
                        <service name="http"/>
                        <service name="https"/>
                        <service name="ntp"/>
                        <service name="dhcpv6-client"/>
                        <service name="kerberos"/>
                        <service name="ldaps"/>
                        <service name="ssh"/>
                        <service name="dns"/>
                        <service name="ldap"/>
                      </zone>
                      
                    coliver @stacksofplates

                        @stacksofplates said in Open Firewall Ports on CentOS 7 and RHEL 7:

                        Ya it's not bad at all. Here's the config from my Identity Management server. It's pretty similar to /etc/sysconfig/system-config-firewall on RHEL 6, just in zone specific XML files.

                        <zone>
                          <short>Public</short>
                          <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
                          <service name="http"/>
                          <service name="https"/>
                          <service name="ntp"/>
                          <service name="dhcpv6-client"/>
                          <service name="kerberos"/>
                          <service name="ldaps"/>
                          <service name="ssh"/>
                          <service name="dns"/>
                          <service name="ldap"/>
                        </zone>
                        

                        Those services are predefined right? You can also build your own services via the same process.

                      stacksofplates @coliver

                          @coliver said in Open Firewall Ports on CentOS 7 and RHEL 7:

                          Those services are predefined right? You can also build your own services via the same process.

                          Ya and you can define specific ports. I prob could have grabbed a better example.

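                          An added example, not from any of the posters, that covers both the zone file stacksofplates pasted and the follow-up about defining your own services with specific ports. It writes a custom service definition (services/NAME.xml, the same shape as the ones shipped under /usr/lib/firewalld/services) and a zone that references it, then checks that every service the zone names actually has a definition in one of the two directories firewalld searches. That check is worth having because a zone that references an unknown service is rejected when firewalld loads it, which you otherwise discover only when --reload fails. The service name "myapp", port 8443 and the FW_ETC / FW_LIB overrides are assumptions of the example, not anything from the thread.

```sh
#!/bin/sh
# Added example, not from the thread: generate a custom firewalld service
# definition plus a zone file that uses it, and check the zone before loading
# it. The service name "myapp" and port 8443 are made up for illustration.
set -eu

# firewalld reads definitions from /etc/firewalld first and falls back to the
# shipped ones under /usr/lib/firewalld; a file in /etc with the same name wins.
# Both roots are overridable so the functions can run against a scratch tree.
FW_ETC="${FW_ETC:-/etc/firewalld}"
FW_LIB="${FW_LIB:-/usr/lib/firewalld}"

# service_xml NAME DESCRIPTION PORT/PROTO... : print services/NAME.xml
service_xml() {
  local name="$1" desc="$2" p
  shift 2
  printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
  printf '  <short>%s</short>\n  <description>%s</description>\n' "$name" "$desc"
  for p in "$@"; do
    # "8443/tcp" -> protocol="tcp" port="8443"
    printf '  <port protocol="%s" port="%s"/>\n' "${p#*/}" "${p%/*}"
  done
  printf '</service>\n'
}

# zone_xml NAME DESCRIPTION SERVICE... : print zones/NAME.xml
zone_xml() {
  local name="$1" desc="$2" s
  shift 2
  printf '<?xml version="1.0" encoding="utf-8"?>\n<zone>\n'
  printf '  <short>%s</short>\n  <description>%s</description>\n' "$name" "$desc"
  for s in "$@"; do
    printf '  <service name="%s"/>\n' "$s"
  done
  printf '</zone>\n'
}

# zone_services_defined ZONEFILE : fail (naming the culprit) if the zone
# references a service with no definition in either root. firewalld refuses to
# load such a zone, so catch the typo before --reload rather than after.
zone_services_defined() {
  local zonefile="$1" s rc=0
  for s in $(sed -n 's/.*<service name="\([^"]*\)".*/\1/p' "$zonefile"); do
    if [ ! -f "$FW_ETC/services/$s.xml" ] && [ ! -f "$FW_LIB/services/$s.xml" ]; then
      echo "$zonefile references undefined service: $s" >&2
      rc=1
    fi
  done
  return "$rc"
}

# install_myapp_zone ZONE SERVICE... : write the custom service and the zone
install_myapp_zone() {
  local zone="$1"
  shift
  mkdir -p "$FW_ETC/services" "$FW_ETC/zones"
  service_xml myapp "Made-up application API" 8443/tcp > "$FW_ETC/services/myapp.xml"
  zone_xml "$zone" "Only selected incoming connections are accepted." "$@" \
    > "$FW_ETC/zones/$zone.xml"
  zone_services_defined "$FW_ETC/zones/$zone.xml"
}

# Usage: sudo sh firewalld-files.sh public ssh https myapp && firewall-cmd --reload
if [ $# -gt 1 ]; then
  install_myapp_zone "$@"
fi
```

                          Files written this way are permanent configuration only, so a `firewall-cmd --reload` is still needed before anything changes in the running ruleset. Because the whole thing is a directory of small XML files, copying /etc/firewalld/ between hosts works about as well as copying a single iptables file did; keep the service definitions in the same place as the zones that reference them, or the check above will tell you what is missing.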
                            coliver @stacksofplates

                            @stacksofplates said in Open Firewall Ports on CentOS 7 and RHEL 7:

                            Ya and you can define specific ports. I prob could have grabbed a better example.

                            No, I think I've got it just need to investigate actually setting these up.
