How to Open and Manage Linux Ports with firewalld and iptables
This guide explains step‑by‑step how to check firewall status, start firewalld, open specific ports, reload or restart the firewall on CentOS 7, and modify iptables directly on CentOS 6, including useful commands for listing, removing, and temporarily disabling ports.
Overview
The article provides practical instructions for enabling network ports on Linux systems, covering two methods: using firewalld on CentOS 7 (and newer) and editing iptables on CentOS 6.
1. firewalld method (CentOS 7.*)
Check the firewall status:
firewall-cmd --state
If the output is "not running", start the service first.
Start firewalld:
systemctl start firewalld.service
Open a specific port permanently (example for MySQL port 3306):
firewall-cmd --zone=public --add-port=3306/tcp --permanent
The command returns success. The --zone=public flag limits the rule to the public zone, and --permanent makes it survive reboots.
Restart firewalld to apply changes:
systemctl restart firewalld.service
Reload the firewall rules without a full restart:
firewall-cmd --reload
Additional useful commands:
# List opened ports
firewall-cmd --list-ports
# Remove a specific port (e.g., 8080)
firewall-cmd --zone=public --remove-port=8080/tcp --permanent
systemctl restart firewalld.service
firewall-cmd --reload
# Temporarily stop the firewall
systemctl stop firewalld.service
# Permanently disable the firewall (after stopping it first)
systemctl disable firewalld.service
2. iptables method (CentOS 6.*)
CentOS 6 includes iptables by default, so you can edit the rules directly; CentOS 7 requires manual installation of iptables if you prefer this method.
2.1 Edit the iptables configuration file
# vi /etc/sysconfig/iptables
Modify the file to add or remove rules as needed, then save.
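Added example (not from the original article): a shell function that inserts an ACCEPT rule for a TCP port into a rules file in the /etc/sysconfig/iptables format, placing it ahead of the catch-all REJECT line because rules are matched in order. The names add_port_rule and make_sample_rules and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: insert an ACCEPT rule for a TCP port into an
# iptables-save style rules file, ahead of the INPUT REJECT/DROP line.

# add_port_rule FILE PORT  (hypothetical helper name)
# Idempotent: does nothing if the identical rule is already present.
# Returns 1 on a bad port, 2 if there is no INPUT REJECT/DROP line to
# anchor on, 3 if a temporary file cannot be created.
add_port_rule() {
    file=$1 port=$2
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    rule="-A INPUT -m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT"
    grep -qxF -- "$rule" "$file" && return 0
    grep -qE -- '^-A INPUT -j (REJECT|DROP)' "$file" || return 2
    tmp=$(mktemp) || return 3
    # Rules are evaluated top to bottom, so the ACCEPT must come before the
    # catch-all REJECT; a rule placed after it would never be reached.
    # Writing back with cat keeps the original file's owner and mode.
    awk -v rule="$rule" '
        !done && /^-A INPUT -j (REJECT|DROP)/ { print rule; done = 1 }
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample modeled on a default CentOS 6 rules file.
make_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
```

Run it against a copy of the rules file first and compare the result with the original before restarting iptables.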
2.2 Restart iptables
/etc/init.d/iptables restart
3. Important notes
Even after a port is opened in the firewall, a remote telnet test may fail if no process is listening on that port. For example, connections to port 3306 will not succeed until MySQL is started and bound to the port.
4. Sample command summary
# Check firewall status
firewall-cmd --state
# Start firewalld
systemctl start firewalld.service
# Open port 3306 permanently
firewall-cmd --zone=public --add-port=3306/tcp --permanent
# Reload rules
firewall-cmd --reload
# List opened ports
firewall-cmd --list-ports
# Remove port 8080
firewall-cmd --zone=public --remove-port=8080/tcp --permanent
systemctl restart firewalld.service
firewall-cmd --reload
# Temporarily stop firewall
systemctl stop firewalld.service
# Permanently disable firewall
systemctl disable firewalld.service
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
