
CentOS 7 Firewall Management: Start/Stop/Restart, Port Configuration, and Queries

This guide explains how to start, stop, restart, enable, and disable the firewalld service on CentOS 7, add or remove ports, list open ports, and perform related queries using firewall‑cmd and ss commands.

Practical DevOps Architecture

1. Basic firewalld service control commands for CentOS 7:

# Start the firewall on CentOS 7
systemctl start firewalld.service
# Stop (turn off) the firewall on CentOS 7
systemctl stop firewalld.service
# Restart the firewall on CentOS 7
systemctl restart firewalld.service
# Enable the firewall at boot
systemctl enable firewalld.service
# Do not start the firewall at boot
systemctl disable firewalld.service

2. Adding a new port (example: TCP port 80) permanently:

firewall-cmd --zone=public --add-port=80/tcp --permanent

Explanation: --zone specifies the zone, --add-port=80/tcp adds the port together with its protocol, and --permanent writes the rule to the persistent configuration so that it survives a reload. Multiple ports can be added as a range, e.g.:

firewall-cmd --zone=public --add-port=80-90/tcp --permanent

Note: After adding or removing rules, reload the firewall service.

3. Checking local listening ports (CentOS 7 uses ss, earlier versions use netstat -ant):

ss -ant

4. Viewing firewall information:

# Show all firewall information on CentOS 7
firewall-cmd --list-all
# Show the ports the firewall has open on CentOS 7
firewall-cmd --list-ports

5. Removing a port (example: TCP port 80) permanently:

# Remove
firewall-cmd --zone=public --remove-port=80/tcp --permanent

6. Additional commands:

# List all open ports
firewall-cmd --zone=public --list-ports
# Add a port permanently
firewall-cmd --zone=public --add-port=80/tcp --permanent
# Reload firewall to apply changes
firewall-cmd --reload
# Query if a specific port is open
firewall-cmd --zone=public --query-port=80/tcp

7. Batch opening ports (example: TCP and UDP ports 100-500):

firewall-cmd --permanent --zone=public --add-port=100-500/tcp
firewall-cmd --permanent --zone=public --add-port=100-500/udp
firewall-cmd --reload

Important: After adding or deleting ports, reload the firewall service. To check connectivity locally, test with telnet 127.0.0.1 <port>; if the connection fails, the cause may not be the firewall.
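An added example, not part of the original article: the script below cross-checks the TCP ports firewalld has opened (firewall-cmd --list-ports) against the sockets that ss -ant reports as listening, which separates a firewall problem from a service that is simply not bound to the port. The sample input is constructed and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original article): cross-check firewalld's
# open TCP ports against what is actually listening.

# Constructed sample input; on a real host use:
#   FW_PORTS=$(firewall-cmd --zone=public --list-ports)
#   SS_OUT=$(ss -ant)
FW_PORTS='80/tcp 8080-8082/tcp 53/udp'
SS_OUT='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    *:22                *:*
LISTEN 0      128    *:80                *:*
LISTEN 0      100    127.0.0.1:25        *:*
LISTEN 0      128    [::]:8081           [::]:*
ESTAB  0      0      10.0.0.5:22         10.0.0.9:51514'

# Expand --list-ports output into one TCP port per line (ranges expanded, UDP skipped).
expand_tcp_ports() {
  for entry in $1; do
    [ "${entry##*/}" = "tcp" ] || continue
    range=${entry%/*}
    seq "${range%-*}" "${range#*-}"   # "80" -> 80..80, "8080-8082" -> 8080..8082
  done
}

# Listening TCP ports from `ss -ant`, skipping loopback-only sockets,
# which are unreachable from the network regardless of firewall rules.
listening_tcp_ports() {
  printf '%s\n' "$1" |
    awk '$1 == "LISTEN" && $4 !~ /^(127\.|\[::1\]:|::1:)/ { n = split($4, a, ":"); print a[n] }' |
    sort -un
}

# open-no-listener:   rule exposes a port nothing is bound to (candidate for --remove-port)
# listening-not-open: service bound but not in --list-ports; it may still be allowed
#                     through a firewalld service, which --list-all shows.
audit_ports() {
  open=$(expand_tcp_ports "$1" | sort -un)
  listen=$(listening_tcp_ports "$2")
  for p in $open; do
    printf '%s\n' "$listen" | grep -qx "$p" || echo "open-no-listener $p/tcp"
  done
  for p in $listen; do
    printf '%s\n' "$open" | grep -qx "$p" || echo "listening-not-open $p/tcp"
  done
}

audit_ports "$FW_PORTS" "$SS_OUT"
```

Ports reported as open-no-listener are rules that widen the exposed surface without serving anything, so they are worth reviewing before the next reload.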
