---
title: Open/Close ports on Firewalld - Linux
---

# Open/Close ports on Firewalld - Linux

## UBUNTU

### Open the Port

To open a specific port (e.g., port 80 for HTTP), use the following command:

```bash
sudo firewall-cmd --add-port=80/tcp --permanent
```

Replace `80` with the port number you want to open, and `tcp` with the protocol you want to use (it can be `tcp` or `udp`). Because no `--zone` is given, the rule is added to the default zone.

**Reload the Firewall Rules:** After adding the rule, reload the firewall for the changes to take effect. A rule added with `--permanent` is written to the saved configuration only and becomes active on reload.

```bash
sudo firewall-cmd --reload
```

To open a UDP port, for example UDP port 514:

```bash
sudo firewall-cmd --add-port=514/udp --permanent
```

**Allow outgoing port** number 25 (replace the number with the port you want to allow for outbound connections). The command below allows outbound TCP connections to destination port 25. As written, `-d 127.0.0.1` limits the rule to connections addressed to the local host; change or remove `-d` to cover other destinations.

```bash
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m tcp -d 127.0.0.1 --dport=25 -j ACCEPT
```

**Reload the Firewall Rules:** After adding the rule, reload the firewall for the changes to take effect:

```bash
sudo firewall-cmd --reload
```

### Check the Rules

You can verify that the port is open by running:

```bash
sudo firewall-cmd --list-all
```

### Close the Port

Once you've identified the open port, use `firewall-cmd` to remove it from the list of open ports. Replace `PORT_NUMBER` with the actual port number.

```bash
sudo firewall-cmd --remove-port=PORT_NUMBER/tcp --permanent
```

This command closes the specified TCP port. To close a UDP port, use `udp` instead of `tcp`. The `--permanent` flag matters here: without it only the runtime rule is removed, and the reload that follows restores the port from the saved configuration.

**Reload Firewalld:** After closing the port, it's a good practice to reload Firewalld to apply the changes:

```bash
sudo firewall-cmd --reload
```

To close a port in a specific zone, first check the active zones:

```bash
sudo firewall-cmd --get-active-zones
```

Then remove the port from that zone's list of open ports:

```bash
sudo firewall-cmd --zone=public --remove-port=PORT_NUMBER/tcp --permanent
```

Replace `PORT_NUMBER` with the actual port number you want to close.

Make sure to reload the firewall to apply the changes:

```bash
sudo firewall-cmd --reload
```

To whitelist a specific port in Firewalld on Ubuntu 18 and above, use the following steps.

Add the desired port to the list of allowed ports using the command:

```bash
sudo firewall-cmd --add-port=PORT_NUMBER/tcp --permanent
```

Replace `PORT_NUMBER` with the actual port number.

Reload the firewall to apply the changes:

```bash
sudo firewall-cmd --reload
```

Verify the changes using:

```bash
sudo firewall-cmd --list-all
```

**Deny outgoing port** number 25 (replace the number with the port you want to block for outbound connections). The command below blocks all outbound TCP connections to destination port 25.

```bash
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport=25 -j REJECT
sudo firewall-cmd --reload
```

**Deny incoming port** number 80. The command below closes port 80 to incoming traffic; reload the firewall afterwards to apply it.

```bash
sudo firewall-cmd --remove-port=80/tcp --permanent
```

Run the command below to block an IP address in Firewalld. Replace `x.x.x.x` with the IP address you want to block, then reload the firewall.

```bash
sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='x.x.x.x' reject"
```

**Open the port for the specific IP Address** in Firewalld by adding the source IP address and the port (3306) you want to open on your local Linux server. The commands use a dedicated zone named `mariadb-access`; the first line creates it and can be skipped if the zone already exists. After that, reload the Firewalld settings to apply the changes.

```bash
# Create the zone once; skip this line if mariadb-access already exists.
sudo firewall-cmd --new-zone=mariadb-access --permanent
sudo firewall-cmd --zone=mariadb-access --add-source=x.x.x.x --permanent
sudo firewall-cmd --zone=mariadb-access --add-port=3306/tcp --permanent
sudo firewall-cmd --reload
```

---
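Because the commands above change the saved configuration with `--permanent` and only take effect after `--reload`, the running firewall and the saved rules can disagree. The following added example (not part of the original page) reports that drift from the two `--list-ports` outputs; the function name `port_drift` and the sample port lists are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): compare firewalld's runtime and
# permanent open-port lists and report every port present in only one of them.

# port_drift RUNTIME PERMANENT
#   RUNTIME   - output of: firewall-cmd --zone=public --list-ports
#   PERMANENT - output of: firewall-cmd --zone=public --permanent --list-ports
# Prints one line per mismatch:
#   runtime-only PORT/PROTO    open now, lost on the next --reload or reboot
#   permanent-only PORT/PROTO  saved, but not enforced until --reload
port_drift() (
    set -f                                  # split on whitespace, never glob
    # Normalise each list to " a b c " so whole entries can be matched;
    # this keeps 80/tcp from matching inside 8080/tcp.
    runtime=" $(printf '%s ' $1)"
    permanent=" $(printf '%s ' $2)"
    for p in $runtime; do
        case "$permanent" in
            *" $p "*) ;;                    # present in both lists
            *) echo "runtime-only $p" ;;
        esac
    done
    for p in $permanent; do
        case "$runtime" in
            *" $p "*) ;;
            *) echo "permanent-only $p" ;;
        esac
    done
)

# Constructed sample data (not captured from a real host): 8080/tcp was opened
# without --permanent, 3306/tcp was added with --permanent but never reloaded.
SAMPLE_RUNTIME="80/tcp 514/udp 8080/tcp"
SAMPLE_PERMANENT="80/tcp 514/udp 3306/tcp"
port_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"

# On a live host (as root), feed it the real lists instead:
#   port_drift "$(firewall-cmd --zone=public --list-ports)" \
#              "$(firewall-cmd --zone=public --permanent --list-ports)"
```

An empty result means the runtime and permanent port lists for the zone match.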