How to Open and Manage Linux Ports with firewalld and iptables

Using firewalld on CentOS 7

Check the current firewalld status: firewall-cmd --state If the output is not running , start the service first.

Start firewalld: systemctl start firewalld.service Verify that the service is now active.

Add a specific port permanently (example: MySQL port 3306):

firewall-cmd --zone=public --add-port=3306/tcp --permanent

The command returns success when the rule is applied.

Reload firewalld to apply changes immediately: firewall-cmd --reload A success message confirms the reload.

Other useful commands: <code># List opened ports firewall-cmd --list-ports # Remove a port (example: 8080) firewall-cmd --zone=public --remove-port=8080/tcp --permanent systemctl restart firewalld.service firewall-cmd --reload # Check which process uses a port (example: 5672) netstat -lnpt | grep 5672 # On CentOS 7, install net-tools first: # yum install -y net-tools # Temporarily stop firewalld systemctl stop firewalld.service # Permanently disable firewalld (stop first, then disable) systemctl disable firewalld.service</code>

Using iptables on CentOS 6

Edit the iptables configuration file to add or modify rules:

# vi /etc/sysconfig/iptables

Restart the iptables service to apply the new rules:

/etc/init.d/iptables restart

Important notes

Even after a port is opened in the firewall, remote telnet may still fail if no process is listening on that port. For example, opening port 3306 without a running MySQL instance will not allow connections; start the service first, then the port becomes reachable.