Open/Close ports on Firewalld - Linux
UBUNTU
Open the Port
To open a specific port (e.g., port 80 for HTTP), use the following command. Without --zone it applies to the default zone (public unless you changed it):
sudo firewall-cmd --add-port=80/tcp --permanent
Replace 80 with the port number you want to open, and tcp with the protocol you want to use (tcp or udp). --permanent writes the rule to the saved configuration only; the running firewall is unchanged until the reload below.
Reload the Firewall Rules: After adding the rule, reload the firewall for the changes to take effect.
sudo firewall-cmd --reload
For example, to open UDP port 514 (syslog):
sudo firewall-cmd --add-port=514/udp --permanent
Allow an outgoing connection to port 25 with a direct rule (replace 25 with the port you want to allow for outbound connections). Note what the command actually matches: outbound TCP whose destination port is 25 and whose destination address is 127.0.0.1, i.e. only SMTP to a mail server on the local host; drop -d 127.0.0.1 to allow any destination. The 0 after OUTPUT is the rule priority (lower numbers are evaluated first). firewalld's OUTPUT chain accepts everything by default, so this ACCEPT only has an effect when it is paired with a REJECT at a higher priority number, as in the "Deny outgoing" step below.
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m tcp -d 127.0.0.1 --dport=25 -j ACCEPT
Reload the Firewall Rules: After adding the rule, reload the firewall for the changes to take effect:
sudo firewall-cmd --reload
Check the Rules:
You can verify that the port is open by running the command below. It shows the running configuration of the default zone; add --permanent to show the saved configuration, --zone=NAME for another zone, and use --direct --get-all-rules to see direct rules, which --list-all does not include:
sudo firewall-cmd --list-all
Close the Port:
Once you've identified the open port, remove it with firewall-cmd. Replace PORT_NUMBER with the actual port number. Keep --permanent: without it the change only affects the running firewall, and the reload in the next step would bring the port back from the saved configuration.
sudo firewall-cmd --remove-port=PORT_NUMBER/tcp --permanent
This command will close the specified TCP port. If you want to close a UDP port, use udp instead of tcp.
Reload Firewalld: After closing the port, reload Firewalld to apply the change:
sudo firewall-cmd --reload
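The open, verify and close steps above as one shell helper. This is an added example, not a command from the original page: it applies each change to both the running and the saved configuration, so no --reload is needed and a later reload cannot quietly undo it; it validates the PORT/PROTO argument before touching the firewall; and it confirms the result with --query-port. The FWCMD and FWZONE variables and the function names are this example's own assumptions (FWCMD lets you substitute a dry-run command; FWZONE defaults to public, the zone this page uses).

```shell
#!/bin/sh
# Added example (not from the original page): open or close a port in firewalld.
# Each change is applied to the runtime AND the permanent configuration, so it
# takes effect immediately and still survives --reload and reboot.
# FWCMD / FWZONE are this example's own knobs: FWCMD can point at a stub for a
# dry run, FWZONE is the zone to edit (assumed "public", the page's zone).
FWCMD="${FWCMD:-firewall-cmd}"
FWZONE="${FWZONE:-public}"

# valid_port_spec 80/tcp -> 0 if the port is 1..65535 and the protocol tcp or udp
valid_port_spec() {
    spec=$1
    port=${spec%/*}
    proto=${spec#*/}
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# fw_port open|close PORT/PROTO [ZONE]
fw_port() {
    action=$1; spec=$2; zone=${3:-$FWZONE}
    valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 2; }
    case "$action" in
        open)  op=--add-port ;;
        close) op=--remove-port ;;
        *) echo "usage: fw_port open|close PORT/PROTO [ZONE]" >&2; return 2 ;;
    esac
    # 1. runtime change: effective right now, but lost on reload or reboot
    "$FWCMD" --zone="$zone" "$op=$spec" || return 1
    # 2. permanent change: saved under /etc/firewalld, loaded on reload or reboot
    "$FWCMD" --permanent --zone="$zone" "$op=$spec" || return 1
    # 3. verify the running firewall now matches the request
    if [ "$action" = open ]; then
        "$FWCMD" --zone="$zone" --query-port="$spec"
    else
        ! "$FWCMD" --zone="$zone" --query-port="$spec"
    fi
}

# Usage (run as root):
#   fw_port open 80/tcp
#   fw_port open 514/udp
#   fw_port close 80/tcp
```

Because the runtime change is made first, a typo in the port spec or a wrong zone name fails before anything is written to the saved configuration.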
Check the active zones (a port must be removed from the zone it was opened in):
sudo firewall-cmd --get-active-zones
Remove the port from the zone it was opened in (here public). This is not a blacklist: it only withdraws the permission, after which the zone's default behaviour (reject, for public) applies to that port.
sudo firewall-cmd --zone=public --remove-port=<port_number>/tcp --permanent
Replace <port_number> with the actual port number you want to close. Make sure to reload the firewall to apply the changes:
sudo firewall-cmd --reload
To whitelist a specific port in Firewalld on Ubuntu 18.04 and above (firewalld is not installed by default on Ubuntu; install it from the repositories and disable ufw first, since the two tools must not manage the firewall at the same time), follow these steps.
Add the desired port to the zone's list of allowed ports using the command:
sudo firewall-cmd --add-port=<port_number>/tcp --permanent
Replace <port_number> with the actual port number. Reload the firewall to apply the changes:
sudo firewall-cmd --reload
Verify the changes using:
sudo firewall-cmd --list-all
Deny outgoing connections to port 25 (replace 25 with the port you want to block for outbound connections). The command below rejects all outbound TCP connections whose destination port is 25. Priority 1 places it after the priority 0 ACCEPT rule from the "Allow outgoing" step, so that exception keeps working; reload afterwards for the direct rules to become active.
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport=25 -j REJECT
sudo firewall-cmd --reload
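The ACCEPT rule from the "Allow outgoing" step and the REJECT rule just above only make sense together and in that order. The following is an added example, not from the original page: it builds that outbound policy as an idempotent function, with one ACCEPT at priority 0 per allowed destination, the catch-all REJECT at priority 1, each rule added only if --direct --query-rule reports it missing, and a reload at the end. FWCMD and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): an outbound policy for one TCP
# port built from firewalld direct rules. firewalld's OUTPUT chain accepts by
# default, so an ACCEPT rule alone changes nothing; it only matters when a
# REJECT follows it. Direct rules run in priority order (0 before 1), which is
# what keeps the per-destination ACCEPTs ahead of the catch-all REJECT.
# FWCMD is this example's own knob (point it at a stub for a dry run).
FWCMD="${FWCMD:-firewall-cmd}"

# direct_rule_present PRIORITY ARGS... -> 0 if the permanent rule already exists
direct_rule_present() {
    "$FWCMD" --permanent --direct --query-rule ipv4 filter OUTPUT "$@" >/dev/null 2>&1
}

# add_direct_rule PRIORITY ARGS... : add the permanent rule once (idempotent)
add_direct_rule() {
    if direct_rule_present "$@"; then
        return 0
    fi
    "$FWCMD" --permanent --direct --add-rule ipv4 filter OUTPUT "$@"
}

# outbound_port_policy DPORT ALLOWED_DEST...
# Allow outbound TCP to DPORT only toward the listed destinations, reject the rest.
outbound_port_policy() {
    dport=$1; shift
    [ "$#" -ge 1 ] || { echo "need at least one allowed destination" >&2; return 2; }
    case "$dport" in ''|*[!0-9]*) echo "bad port: $dport" >&2; return 2 ;; esac
    for dest in "$@"; do
        add_direct_rule 0 -p tcp -m tcp -d "$dest" --dport "$dport" -j ACCEPT || return 1
    done
    add_direct_rule 1 -p tcp -m tcp --dport "$dport" -j REJECT || return 1
    # the rules above are permanent-only; reload to make them active
    "$FWCMD" --reload
}

# Usage (run as root): allow SMTP only to the local MTA, block it everywhere else
#   outbound_port_policy 25 127.0.0.1
# Inspect the ordered result with: firewall-cmd --permanent --direct --get-all-rules
```

Running the function twice adds nothing the second time, so it is safe to keep in a provisioning script; adding a destination later only inserts the one missing ACCEPT.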
Deny incoming traffic on port 80. The command below removes the permission for port 80; the zone then falls back to its default behaviour (reject, for public), so new connections to port 80 are refused. Check that port 80 was not opened through a service instead (the services: line of firewall-cmd --list-all): if http is listed, remove it with --remove-service=http, since --remove-port has no effect on it. Reload afterwards.
sudo firewall-cmd --remove-port=80/tcp --permanent
Run the command below to block an IP address in Firewalld with a rich rule (it goes into the default zone unless --zone is given). Replace x.x.x.x with the IP address to block, then reload.
sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='x.x.x.x' reject"
Open a port for a specific IP address only by binding that address to its own zone: add the source IP address and the port (3306 for MariaDB) to the zone, then reload Firewalld to apply the changes. The mariadb-access zone does not exist by default: create it first with --permanent --new-zone=mariadb-access and reload, otherwise the commands below fail with INVALID_ZONE. Once x.x.x.x is bound to this zone, all of its traffic is judged by this zone alone, so also add any service that host still needs (for example ssh), or it will be locked out of everything except 3306.
sudo firewall-cmd --zone=mariadb-access --add-source=x.x.x.x --permanent
sudo firewall-cmd --zone=mariadb-access --add-port=3306/tcp --permanent
sudo firewall-cmd --reload
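The per-source zone above, including the zone creation the commands depend on, as an added example that is not part of the original page. It creates mariadb-access only if --permanent --get-zones does not already list it, binds the client address, allows the port plus any extra services the client must keep, reloads, and then checks with --get-zone-of-source that the client really lands in the new zone. FWCMD, the function names and the sample address 10.0.0.5 are this example's own assumptions; the source check only validates the character set, not that the address is well-formed.

```shell
#!/bin/sh
# Added example (not from the original page): allow TCP/3306 from one client
# only, by binding its address to a dedicated zone. The zone does not exist by
# default, so it is created first; zone creation is permanent-only and needs a
# --reload before the zone is usable. Caveat: a source bound to a zone is
# matched against that zone alone, so anything else the client needs from this
# host (e.g. ssh) must be allowed in the same zone or the client loses it.
# FWCMD is this example's own knob (point it at a stub for a dry run).
FWCMD="${FWCMD:-firewall-cmd}"

# zone_exists ZONE -> 0 if the zone is in the permanent configuration
zone_exists() {
    want=$1
    for z in $("$FWCMD" --permanent --get-zones); do
        [ "$z" = "$want" ] && return 0
    done
    return 1
}

# restrict_port_to_source ZONE SOURCE PORT/PROTO [SERVICE...]
# SOURCE is an IPv4 address or CIDR block (only the character set is checked here).
restrict_port_to_source() {
    zone=$1; src=$2; spec=$3; shift 3
    case "$src" in ''|*[!0-9./]*) echo "bad IPv4 source: $src" >&2; return 2 ;; esac
    if ! zone_exists "$zone"; then
        # a new zone allows nothing until ports or services are added to it
        "$FWCMD" --permanent --new-zone="$zone" || return 1
    fi
    # bind the client address to the zone, then allow the port for it
    "$FWCMD" --permanent --zone="$zone" --add-source="$src" || return 1
    "$FWCMD" --permanent --zone="$zone" --add-port="$spec" || return 1
    for svc in "$@"; do
        "$FWCMD" --permanent --zone="$zone" --add-service="$svc" || return 1
    done
    "$FWCMD" --reload || return 1
    # confirm the running firewall now routes this source to the intended zone
    [ "$("$FWCMD" --get-zone-of-source="$src")" = "$zone" ]
}

# Usage (run as root): MariaDB from 10.0.0.5 only, keeping ssh for that client
#   restrict_port_to_source mariadb-access 10.0.0.5 3306/tcp ssh
```

If the address is already bound to another zone, --add-source fails with a zone conflict and the function stops there; firewalld allows a source in one zone only.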