Open Port Permanently with firewalld in linux

linux, networking

The first thing to do after installing a service that listens on your network interface is to test it in your preferred web browser.

However, if firewalld is running, you will get a connection error instead. This is how to open the port. Permanently.

# firewall-cmd --permanent --zone=public --add-port=<portNo>/tcp
# firewall-cmd --reload
# firewall-cmd --list-all

Explanation

  1. Make the new rule persistent across reloads and reboots, --permanent
  2. The rule lives in a specific zone, with a specific port number and protocol, firewall-cmd --permanent --zone=public --add-port=<portNo>/tcp
  3. Reload firewalld so the new permanent rule becomes active in the running configuration, --reload
  4. List all rules in the zone to confirm the port is open, --list-all

Note: Omitting --permanent makes the rule take effect immediately, but the configuration is volatile and does not survive a reload or reboot!

Port forwarding with firewalld

linux

firewalld in Linux is quite flexible, and quite a number of tasks can be achieved with a single command. It is just a matter of getting the parameters right.

To work around the application team's reluctance to change their port, let us use port forwarding instead.

# firewall-cmd --add-forward-port='port=<port>:proto=tcp:toport=<toPort>:toaddr=<toAddress>'

Explanation

  1. Tell firewall-cmd that this is a port forwarding rule, --add-forward-port=''
  2. Define the protocol and the port number that traffic hits on this host, port=<port>:proto=tcp
  3. Define the destination port and address the traffic is forwarded to, toport=<toPort>:toaddr=<toAddress>

Note: The above command makes the port forwarding work immediately after pressing Enter. No service reload or server reboot is needed. The catch is that this is a non-persistent configuration and, as the name implies, it will revert once the OS is rebooted.
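As an added example covering both recipes above (this is not code from the original posts), the script below wraps the open-port and port-forwarding commands in shell functions that validate the port numbers and the toaddr address before building the exact firewall-cmd lines, and defaults to DRY_RUN=1 so it only prints what it would run. It also emits the --add-masquerade step that the firewalld documentation requires when forwarding to another host, and names --runtime-to-permanent as the way to keep a verified runtime rule; the function names and the DRY_RUN variable are this example's own.

```shell
#!/bin/sh
# Added example, not from the original posts. DRY_RUN=1 (default) only
# prints the firewall-cmd lines; DRY_RUN=0 executes them via sh -c.
DRY_RUN="${DRY_RUN:-1}"

# Validate a port number: an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Validate a dotted-quad IPv4 address (the form used for toaddr here).
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands that open a port permanently in a zone, then reload.
open_port_permanent_cmds() {   # args: port [proto] [zone]
    port="$1"; proto="${2:-tcp}"; zone="${3:-public}"
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    echo "firewall-cmd --permanent --zone=$zone --add-port=$port/$proto"
    echo "firewall-cmd --reload"   # permanent rules are active only after a reload
}

# Print the runtime (non-persistent) forward-port rule. Forwarding to another
# host (toaddr set) also needs masquerading in the zone per the firewalld docs.
forward_port_cmds() {          # args: port toport [toaddr] [proto]
    port="$1"; toport="$2"; toaddr="${3:-}"; proto="${4:-tcp}"
    valid_port "$port" && valid_port "$toport" || { echo "bad port" >&2; return 1; }
    rule="port=$port:proto=$proto:toport=$toport"
    if [ -n "$toaddr" ]; then
        valid_ipv4 "$toaddr" || { echo "bad address: $toaddr" >&2; return 1; }
        rule="$rule:toaddr=$toaddr"
        echo "firewall-cmd --add-masquerade"
    fi
    echo "firewall-cmd --add-forward-port='$rule'"
    # These runtime rules vanish on reboot or reload; once verified, keep them
    # with: firewall-cmd --runtime-to-permanent
}

# Run (or, with DRY_RUN=1, just print) each command line read on stdin.
apply_cmds() {
    while IFS= read -r cmd; do
        if [ "$DRY_RUN" = 1 ]; then echo "[dry-run] $cmd"; else sh -c "$cmd"; fi
    done
}
```

Usage from a root shell: open_port_permanent_cmds 8080 | apply_cmds, or forward_port_cmds 80 8080 10.0.0.5 | DRY_RUN=0 apply_cmds once the printed lines look right.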