
How to Open Linux Ports with firewalld and iptables on CentOS

This guide explains how to enable and configure Linux firewall ports on CentOS 7 using firewalld and on CentOS 6 using iptables, covering status checks, opening specific ports, reloading rules, and common troubleshooting tips such as service listening verification.

Liangxu Linux

Linux Port Opening Guide

Method 1: firewalld (CentOS 7)

Check the firewall status:

firewall-cmd --state

If the output is "not running", start the service first.

Start firewalld if it is not running:

systemctl start firewalld.service

Open a specific port permanently (example for MySQL port 3306):

firewall-cmd --zone=public --add-port=3306/tcp --permanent

The output "success" indicates the rule was added. --zone=public sets the zone, --add-port=3306/tcp adds the TCP port, and --permanent makes the rule survive reboots. A rule added with --permanent is written to the stored configuration only, so it does not take effect until firewalld is restarted or reloaded.

Restart firewalld to apply changes:

systemctl restart firewalld.service

Reload firewalld rules without restarting the service:

firewall-cmd --reload

Additional useful commands:

# List opened ports
firewall-cmd --list-ports

# Remove a specific port (example 8080)
firewall-cmd --zone=public --remove-port=8080/tcp --permanent
systemctl restart firewalld.service
firewall-cmd --reload

# Find which process occupies a port (example 5672)
netstat -lnpt | grep 5672
# Install net-tools if netstat is missing
yum install -y net-tools

# Temporarily stop the firewall
systemctl stop firewalld.service

# Permanently disable the firewall (stop first, then disable)
systemctl disable firewalld.service

Method 2: iptables (CentOS 6)

CentOS 6 includes iptables by default, so you can edit the rules directly.

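Edit the iptables configuration file:

vi /etc/sysconfig/iptables

Add or modify a rule such as the following (example) and save the file:

-A INPUT -p tcp --dport 3306 -j ACCEPT

iptables evaluates rules in order, so the line has to appear above any REJECT or DROP rule that would otherwise match the traffic.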

Restart iptables to apply the new rules:

/etc/init.d/iptables restart

Important Considerations

Even after successfully opening a port, remote telnet may still fail if no process is listening on that port. For example, opening port 3306 without a running MySQL instance will not allow connections; start the service first.
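
An added example (not from the original article) that cross-checks the two conditions described above: the port is in the firewalld port list and a process is actually listening on it. The sample outputs and the function names fw_allows, listener_scope and diagnose are constructed for illustration; the check also flags a listener bound only to loopback, a case that goes beyond what the article covers.

```sh
#!/bin/sh
# Constructed sample of `firewall-cmd --list-ports` output (not from a real host).
FW_PORTS="3306/tcp 5672/tcp 8000-8100/tcp"
# Constructed sample of `netstat -lnpt` output (not from a real host).
NETSTAT_OUT='Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp        0      0 127.0.0.1:3306  0.0.0.0:*       LISTEN 1402/mysqld
tcp6       0      0 :::8080         :::*            LISTEN 2210/java
tcp6       0      0 :::9090         :::*            LISTEN 2301/prometheus'

# fw_allows PORT "LIST": succeed if PORT/tcp is in the list (single port or range).
fw_allows() {
    for entry in $2; do
        case $entry in */tcp) ;; *) continue ;; esac   # skip udp and other entries
        range=${entry%/tcp}
        lo=${range%-*}; hi=${range#*-}                 # "3306" gives lo=hi=3306
        [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] && return 0
    done
    return 1
}

# listener_scope PORT "NETSTAT": print none, loopback or any for TCP listeners.
listener_scope() {
    printf '%s\n' "$2" | awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":"); if (a[n] != port) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr == "127.0.0.1" || addr == "::1") lo = 1; else any = 1
        }
        END { print (any ? "any" : (lo ? "loopback" : "none")) }'
}

# diagnose PORT: combine both views into one verdict.
diagnose() {
    scope=$(listener_scope "$1" "$NETSTAT_OUT")
    if fw_allows "$1" "$FW_PORTS"; then
        case $scope in
            any)      echo "ok" ;;
            loopback) echo "open-but-loopback-only" ;;  # remote clients still fail
            none)     echo "open-but-no-listener" ;;    # stale rule or service down
        esac
    else
        [ "$scope" = none ] && echo "closed" || echo "listening-but-not-opened"
    fi
}

for p in 3306 5672 8080 9090; do printf '%s\t%s\n' "$p" "$(diagnose "$p")"; done
```

On a real host, set FW_PORTS=$(firewall-cmd --list-ports) and NETSTAT_OUT=$(netstat -lnpt) instead of the samples. Ports opened through a firewalld service definition are listed by firewall-cmd --list-services and do not appear in --list-ports.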
