CentOS 7 was shipped together with firewalld which a layer above iptables.

Unlike iptables, no rc.local need to be update to make sure a permanent firewall configuration with firewalld.

---

Command

• To permanently open TCP port 80
  
  $ sudo firewall-cmd --permanent --zone=public --add-port=80/tcp
• The port is yet to open, unless we reboot the machine, else just reload service
  
  $ sudo firewall-cmd --reload
• Make sure port open correctly by listing all allowed port/service
  
  $ firewall-cmd --list-all