
How to Open and Manage Linux Ports with firewalld and iptables

This guide walks through enabling the firewall, opening specific ports, and reloading rules on CentOS 7 using firewalld and on CentOS 6 using iptables, providing exact commands, optional parameters, and troubleshooting tips for successful network configuration.

Liangxu Linux

Using firewalld on CentOS 7

Check the firewall status:

firewall-cmd --state

If the output is "not running", start the service first.

Start the firewalld service:

systemctl start firewalld.service

Verify that the service is now active.

Add a permanent port rule (example opens MySQL port 3306):

firewall-cmd --zone=public --add-port=3306/tcp --permanent

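The command returns "success" when the rule is saved. The --zone=public flag limits the rule to the public zone, and --permanent writes it to the permanent configuration so that it survives reboots. A rule added with --permanent alone does not change the running firewall until the configuration is reloaded or the service is restarted.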

Restart the firewall to apply changes immediately:

systemctl restart firewalld.service

No output indicates success.

Reload the firewall configuration (alternative to restart):

firewall-cmd --reload

A "success" message confirms the reload.

Additional useful commands:

List opened ports:

firewall-cmd --list-ports

Close a specific port (e.g., 8080):

firewall-cmd --zone=public --remove-port=8080/tcp --permanent
systemctl restart firewalld.service
firewall-cmd --reload

Temporarily stop the firewall:

systemctl stop firewalld.service

Permanently disable the firewall (must stop it first):

systemctl disable firewalld.service

Using iptables on CentOS 6

Edit the iptables configuration file:

vi /etc/sysconfig/iptables

Add or modify rules as needed, then save the file.

Restart iptables to apply the new rules:

/etc/init.d/iptables restart

Important notes

Even after a port appears open in the firewall, remote telnet may still fail if no process is listening on that port. For example, opening port 3306 does not make MySQL reachable until the MySQL service is started and bound to the port.
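
The two failure modes described above (a rule saved with --permanent but never reloaded, and an open port with no process listening) can be told apart mechanically. The script below is an added example, not part of the original article: the function names are hypothetical, the sample firewall-cmd and ss output is constructed, and it goes one step further than the text by also flagging a service bound only to loopback.

```shell
#!/bin/sh
# Added example: classify why a TCP port is or is not reachable on a firewalld host.
# Live inputs: firewall-cmd --list-ports, firewall-cmd --permanent --list-ports, ss -ltn
# The values below are constructed sample output, not captured from a real host.
RUNTIME_PORTS="80/tcp 8080/tcp 3306/tcp"
PERMANENT_PORTS="80/tcp 8080/tcp 3306/tcp 5432/tcp"
SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:22               *:*
LISTEN 0      50     127.0.0.1:3306     *:*
LISTEN 0      128    :::80              :::*'

# has_port RULE LIST: succeed if RULE (e.g. 3306/tcp) is an exact entry in LIST.
# Port ranges such as 5000-5100/tcp are not expanded (simplifying assumption).
has_port() {
    for p in $2; do
        [ "$p" = "$1" ] && return 0
    done
    return 1
}

# listen_scope PORT SS_TEXT: print "none", "loopback" or "any" for TCP listeners.
listen_scope() {
    printf '%s\n' "$2" | awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")          # port is the field after the last colon
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") {
                if (scope == "") scope = "loopback"
            } else scope = "any"
        }
        END { print (scope == "" ? "none" : scope) }'
}

# diagnose PORT RUNTIME PERMANENT SS_TEXT: print one verdict for PORT/tcp.
diagnose() {
    if ! has_port "$1/tcp" "$2"; then   # not in the running firewall
        has_port "$1/tcp" "$3" && echo "permanent-only" || echo "closed"
        return 0
    fi
    case "$(listen_scope "$1" "$4")" in
        none)     echo "open-no-listener" ;;     # rule exists, service not started
        loopback) echo "open-loopback-only" ;;   # service bound to 127.0.0.1 or ::1
        *)        echo "open-and-listening" ;;
    esac
}
for port in 80 3306 8080 5432 9000; do
    echo "$port/tcp: $(diagnose "$port" "$RUNTIME_PORTS" "$PERMANENT_PORTS" "$SS_OUTPUT")"
done
```

A "permanent-only" verdict means firewall-cmd --reload has not been run since the rule was added; "open-no-listener" and "open-loopback-only" point at the service rather than the firewall.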
