CentOS 7 Firewall Management: Start/Stop/Restart, Port Configuration, and Queries
This guide explains how to start, stop, restart, enable, and disable the firewalld service on CentOS 7, add or remove ports, list open ports, and perform related queries using the firewall-cmd and ss commands.
1. Basic firewalld service control commands for CentOS 7:
# Start the firewall on CentOS 7
systemctl start firewalld.service
# Stop (turn off) the firewall on CentOS 7
systemctl stop firewalld.service
# Restart the firewall on CentOS 7
systemctl restart firewalld.service
# Enable the firewall at boot
systemctl enable firewalld.service
# Do not start the firewall at boot
systemctl disable firewalld.service
2. Adding a new port (example: TCP port 80) permanently:
firewall-cmd --zone=public --add-port=80/tcp --permanent
Explanation: --zone specifies the zone, --add-port=80/tcp adds the port together with its protocol, and --permanent writes the rule to the permanent configuration so that it survives a reload. Multiple ports can be added as a range, e.g., firewall-cmd --zone=public --add-port=80-90/tcp --permanent
Note: After adding or removing rules, reload the firewall service.
3. Checking local listening ports (CentOS 7 uses ss; earlier versions use netstat -ant):
ss -ant
4. Viewing firewall information:
# Show all firewall information on CentOS 7
firewall-cmd --list-all
# Show the ports the firewall has open on CentOS 7
firewall-cmd --list-ports
5. Removing a port (example: TCP port 80) permanently:
# Remove
firewall-cmd --zone=public --remove-port=80/tcp --permanent
6. Additional commands:
List all open ports: firewall-cmd --zone=public --list-ports
Add a port permanently: firewall-cmd --zone=public --add-port=80/tcp --permanent
Reload firewall to apply changes: firewall-cmd --reload
Query if a specific port is open: firewall-cmd --zone=public --query-port=80/tcp
7. Batch opening ports (example: TCP and UDP ports 100-500):
firewall-cmd --permanent --zone=public --add-port=100-500/tcp
firewall-cmd --permanent --zone=public --add-port=100-500/udp
firewall-cmd --reload
Important: After adding or deleting ports, reload the firewall service. Test local connectivity with telnet 127.0.0.1 <port>; if that test fails, the cause may not be the firewall.
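The following added example (not part of the original guide) cross-checks the output of firewall-cmd --list-ports against the output of ss -ant, to find listeners the firewall does not open and opened ports with nothing listening behind them. The function names and the sample outputs are constructed for illustration; the sample also shows that a batch range such as 100-500/tcp opens 443 without an explicit entry for it.

```shell
# Constructed samples of `firewall-cmd --zone=public --list-ports` and `ss -ant` output.
SAMPLE_FW_PORTS='80/tcp 8080/tcp 100-500/tcp 100-500/udp'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    *:22                *:*
LISTEN 0      128    *:80                *:*
LISTEN 0      100    127.0.0.1:25        *:*
ESTAB  0      0      192.0.2.10:22       198.51.100.7:51514
LISTEN 0      128    :::443              :::*'

# Read `ss -ant` output on stdin; print non-loopback TCP listening ports.
listening_ports() {
  awk '$1 == "LISTEN" {
         addr = $4; port = $4; sub(/.*:/, "", port); sub(/:[^:]*$/, "", addr)
         if (addr !~ /^127\./ && addr != "::1" && addr != "[::1]") print port
       }' | sort -un
}

# Succeed if port $1 with protocol $2 is covered by the port list $3.
port_is_open() {
  local port=$1 proto=$2 entry range lo hi
  for entry in $3; do
    [ "${entry#*/}" = "$proto" ] || continue
    range=${entry%/*}; lo=${range%-*}; hi=${range#*-}
    if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then return 0; fi
  done
  return 1
}

# $1 = list-ports output, $2 = ss output: listeners firewalld does not open.
blocked_listeners() {
  local p out=
  for p in $(printf '%s\n' "$2" | listening_ports); do
    port_is_open "$p" tcp "$1" || out="$out $p"
  done
  echo "${out# }"
}

# Same arguments: opened TCP entries with no listener (removal candidates).
unused_openings() {
  local entry p hit out= ports
  ports=$(printf '%s\n' "$2" | listening_ports)
  for entry in $1; do
    [ "${entry#*/}" = tcp ] || continue
    hit=0
    for p in $ports; do if port_is_open "$p" tcp "$entry"; then hit=1; fi; done
    [ "$hit" -eq 1 ] || out="$out $entry"
  done
  echo "${out# }"
}
```

On a live host, pass "$(firewall-cmd --zone=public --list-ports)" and "$(ss -ant)" as the two arguments instead of the samples.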
Practical DevOps Architecture
Hands‑on DevOps operations using Docker, K8s, Jenkins, and Ansible—empowering ops professionals to grow together through sharing, discussion, knowledge consolidation, and continuous improvement.