How to Open and Manage Linux Ports with firewalld and iptables
This guide walks you through checking firewall status, enabling firewalld, adding permanent ports, reloading the firewall, and using iptables on CentOS 6, providing complete command examples and tips for troubleshooting common issues.
Linux Port Opening
1. firewall method (CentOS 7.*)
2. modify iptables method (CentOS 6.*)
1. firewall method (CentOS 7.*)
Check firewall status
firewall-cmd --state
If the output is "not running", start the firewall first.
Start firewalld
systemctl start firewalld.service
Verify the firewall is now active.
Add a specific port
firewall-cmd --zone=public --add-port=3306/tcp --permanent
An output of "success" indicates the port was added; --zone=public sets the public zone, --add-port=3306/tcp opens TCP port 3306, and --permanent makes the rule persistent.
Restart firewalld
systemctl restart firewalld.service
No output means the restart succeeded.
Reload firewalld
firewall-cmd --reload
An output of "success" confirms the new rules are applied.
Other useful commands
# List opened ports
firewall-cmd --list-ports
# Remove a specific port (example 8080)
firewall-cmd --zone=public --remove-port=8080/tcp --permanent
systemctl restart firewalld.service
firewall-cmd --reload
# Check which process uses a port (example 5672)
netstat -lnpt | grep 5672
# Install net-tools if netstat is missing
yum install -y net-tools
# Temporarily stop the firewall
systemctl stop firewalld.service
# Or stop using the short name
systemctl stop firewalld
# Permanently disable the firewall (stop first, then disable)
systemctl disable firewalld.service
# Or using the short name
systemctl disable firewalld
2. modify iptables method (CentOS 6.*)
CentOS 6.* includes iptables by default, so you can edit the iptables file directly. CentOS 7 does not include iptables, requiring manual installation before using this method.
2.1 Edit iptables file
# Edit iptables
vi /etc/sysconfig/iptables
2.2 Restart iptables
/etc/init.d/iptables restart
3. Notes
After successfully opening a port on Linux, a remote telnet may still fail; this is normal if no process is listening on the port.
For example, opening port 3306 without MySQL running means the port has no listener, so telnet will not succeed. Starting MySQL and configuring it will allow remote connections.
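As an added example (not part of the original article), the shell function below cross-checks the ports opened in firewalld against the listening sockets, which is the situation these notes describe. It goes slightly beyond the text by also flagging listeners bound only to loopback; the helper name classify_ports and the sample outputs are constructed for illustration.

```bash
#!/bin/bash
# Constructed sample data, not captured from a real host.
SAMPLE_PORTS='3306/tcp 5672/tcp 8080/tcp'      # shape of: firewall-cmd --list-ports
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp   0      0      0.0.0.0:22       0.0.0.0:*        LISTEN  1023/sshd
tcp   0      0      127.0.0.1:3306   0.0.0.0:*        LISTEN  2311/mysqld
tcp6  0      0      :::5672          :::*             LISTEN  1780/beam.smp'

# classify_ports (hypothetical helper name)
#   $1: output of firewall-cmd --list-ports, $2: output of netstat -lnpt
# Prints "<port> <status>" for every opened TCP port:
#   reachable         listener bound to a non-loopback address
#   loopback-only     listener only on 127.x or ::1, remote connects still fail
#   no-listener       port open in the firewall, nothing listening
#   range-not-checked port range entry, not expanded here
classify_ports() {
    printf '%s\n' "$2" | PORTS="$1" awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[0-9]+$/, "", host)   # text before the port
            if (host ~ /^127\./ || host == "::1") {
                if (!(port in seen)) seen[port] = "loopback-only"
            } else {
                seen[port] = "reachable"
            }
        }
        END {
            n = split(ENVIRON["PORTS"], list, /[ \t\n]+/)
            for (i = 1; i <= n; i++) {
                if (list[i] !~ /\/tcp$/) continue  # UDP and empty fields skipped
                p = list[i]; sub(/\/tcp$/, "", p)
                if (p ~ /-/)        print p, "range-not-checked"
                else if (p in seen) print p, seen[p]
                else                print p, "no-listener"
            }
        }'
}

# Offline demo on the constructed data; on a live host pass
# "$(firewall-cmd --list-ports)" and "$(netstat -lnpt)" instead.
classify_ports "$SAMPLE_PORTS" "$SAMPLE_NETSTAT"
```

A port reported as no-listener is a candidate for the --remove-port command shown earlier, since the firewall rule exposes nothing useful until a service binds to it.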
Open Source Linux
Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.
