Open/Close ports on Firewalld - Linux

UBUNTU

Open the Port:

To open a specific port (e.g., port 80 for HTTP), use the following command:

sudo firewall-cmd --add-port=80/tcp --permanent

Replace 80 with the port number you want to open, and tcp with the protocol you want to use (tcp or udp). The --permanent flag writes the rule to the saved configuration; without it the port is opened only in the running firewall and the change is lost on the next reload or reboot.

Reload the Firewall Rules: After adding the rule, reload the firewall for the changes to take effect.

sudo firewall-cmd --reload

If you want to open a UDP port instead, for example UDP port 514:

sudo firewall-cmd --add-port=514/udp --permanent

Allow outgoing connections to port number 25 (replace 25 with the port you want to allow for outbound connections). The direct rule below accepts outbound TCP connections whose destination port is 25. As written, the -d 127.0.0.1 match limits it to connections to the local host; drop that match if you want to allow port 25 to any destination. Direct rules go straight into the OUTPUT chain of the underlying packet filter and bypass the zone logic, and the number after OUTPUT (0 here) is the priority: lower numbers are matched first.

sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m tcp -d 127.0.0.1 --dport=25 -j ACCEPT

Reload the Firewall Rules: After adding the rule, reload the firewall for the changes to take effect:

sudo firewall-cmd --reload

Check the Rules:

You can verify that the port is open by running:

sudo firewall-cmd --list-all

Close the Port:

Once you've identified the open port, use the firewall-cmd command to remove it from the list of open ports. Replace PORT_NUMBER with the actual port number. Include --permanent here: without it the port is closed only in the running firewall, and the --reload in the next step restores the saved configuration and reopens it.

sudo firewall-cmd --remove-port=PORT_NUMBER/tcp --permanent

This command closes the specified TCP port. To close a UDP port, use udp instead of tcp.

Reload Firewalld: After closing the port, reload Firewalld so the saved change takes effect in the running firewall:

sudo firewall-cmd --reload

Check the active zones. Ports added or removed without --zone apply to the default zone, so confirm which zones are active and which interfaces or sources they cover:

sudo firewall-cmd --get-active-zones

Remove the port from a specific zone (the public zone in this example):

sudo firewall-cmd --zone=public --remove-port=<port_number>/tcp --permanent

Replace <port_number> with the actual port number you want to close. Make sure to reload the firewall to apply the changes:

sudo firewall-cmd --reload

To whitelist a specific port in Firewalld on Ubuntu 18 and above, use the following steps.

Add the desired port to the list of allowed ports using the command:

sudo firewall-cmd --add-port=<port_number>/tcp --permanent

Replace <port_number> with the actual port number. Reload the firewall to apply the changes:

sudo firewall-cmd --reload

Verify the changes using:

sudo firewall-cmd --list-all
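The open and close steps above share one pitfall: a change made without --permanent is undone by the very --reload that follows it. The wrapper below is an added example (not part of this page, and not firewalld's own tooling) that validates the port, protocol and zone, always includes --permanent, reloads, and then queries the saved configuration to confirm the intended state. The fw_* function names and the FW_CMD override are my own; set FW_CMD="echo firewall-cmd" to dry-run, or leave it unset to run for real.

```sh
#!/bin/sh
# Added example (not from the page): a small wrapper that builds and applies
# firewall-cmd port changes so the runtime-vs-permanent pitfall cannot happen:
# the port/protocol/zone are validated first, --permanent is always included,
# and the saved state is queried after the reload.
# Assumptions: the fw_* function names and the FW_CMD override are mine.
# Set FW_CMD="echo firewall-cmd" to dry-run; leave it unset to run for real.

# Port must be an integer in 1..65535.
fw_valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Protocol must be tcp or udp, as on the page.
fw_valid_proto() {
    case "$1" in
        tcp|udp) return 0 ;;
        *) return 1 ;;
    esac
}

# Zone name, when given, may only contain letters, digits, '_' and '-'
# so it can be passed unquoted to firewall-cmd safely.
fw_valid_zone() {
    case "$1" in
        *[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the firewall-cmd arguments for one change.
# Usage: fw_port_args open|close PORT tcp|udp [ZONE]
fw_port_args() {
    action=$1; port=$2; proto=$3; zone=${4:-}
    fw_valid_port "$port"   || { echo "invalid port: $port" >&2; return 2; }
    fw_valid_proto "$proto" || { echo "invalid protocol: $proto" >&2; return 2; }
    fw_valid_zone "$zone"   || { echo "invalid zone: $zone" >&2; return 2; }
    case "$action" in
        open)  op=--add-port ;;
        close) op=--remove-port ;;
        *) echo "action must be open or close" >&2; return 2 ;;
    esac
    # --permanent is never optional here: without it the change lives only in
    # the running firewall and is undone by the --reload that follows.
    printf '%s%s=%s/%s --permanent' "${zone:+--zone=$zone }" "$op" "$port" "$proto"
}

# Apply one change and reload so the saved rule becomes active.
fw_port() {
    cmd=${FW_CMD:-"sudo firewall-cmd"}
    args=$(fw_port_args "$@") || return $?
    $cmd $args || return 1
    $cmd --reload
}

# Return 0 when the saved configuration matches the intended state.
# Usage: fw_port_check open|close PORT tcp|udp [ZONE]
fw_port_check() {
    cmd=${FW_CMD:-"sudo firewall-cmd"}
    zone=${4:-}
    if [ "$1" = open ]; then
        $cmd --permanent ${zone:+--zone=$zone} --query-port="$2/$3"
    else
        ! $cmd --permanent ${zone:+--zone=$zone} --query-port="$2/$3"
    fi
}

# Dry-run demonstration, only when invoked as: sh fw_port.sh demo
if [ "${1:-}" = demo ]; then
    FW_CMD="echo firewall-cmd"
    fw_port open 80 tcp
    fw_port close 514 udp public
    fw_port_check open 80 tcp
fi
```

Running it with the demo argument prints the commands that would be executed instead of running them; without FW_CMD set, each call runs sudo firewall-cmd and the exit status of fw_port_check tells a calling script whether the saved configuration really reflects the change.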

Deny outgoing connections to port number 25 (replace 25 with the port you want to block for outbound connections). The direct rule below rejects all outbound TCP connections whose destination port is 25. Its priority of 1 places it after the priority-0 ACCEPT rule added above, so connections to 127.0.0.1 on port 25 are still allowed while every other destination is rejected.

sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport=25 -j REJECT

sudo firewall-cmd --reload

Deny incoming port number 80. The command below removes port 80 from the zone, so incoming traffic to port 80 falls back to the zone's default handling (rejected in the public zone). Check with --list-all that no service such as http still allows the port, and reload afterwards.

sudo firewall-cmd --remove-port=80/tcp --permanent

Run the command below to block an IP address in Firewalld. Replace x.x.x.x with the IP address you want to block, then reload the firewall to apply the rule.

sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='x.x.x.x' reject"

Open the port for a specific IP address in Firewalld: bind the source IP address to a zone and open the port (3306) in that zone on your Linux server, then reload the Firewalld settings to apply the changes. The zone mariadb-access is a custom zone name and must exist before sources or ports can be added to it (create it first with sudo firewall-cmd --permanent --new-zone=mariadb-access). Only traffic from x.x.x.x is evaluated in this zone, so port 3306 stays closed for every other source; conversely, anything else that host needs (ssh, for example) must also be allowed in this zone.

sudo firewall-cmd --zone=mariadb-access --add-source=x.x.x.x --permanent

sudo firewall-cmd --zone=mariadb-access --add-port=3306/tcp --permanent

sudo firewall-cmd --reload
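Several of the commands on this page differ only in whether --permanent is present, and the running and saved configurations drift apart whenever it is forgotten. The script below is an added example (not from this page or the firewalld project) that parses the output of firewall-cmd --list-all and firewall-cmd --permanent --list-all for one zone and reports ports that are open at runtime but not saved (lost on the next reload) or saved but not active (they come back on reload). The fw_* function names are my own, and the two sample outputs are constructed for illustration rather than captured from a real host.

```sh
#!/bin/sh
# Added example (not from the page): an audit helper that compares the
# runtime zone configuration (firewall-cmd --list-all) with the saved one
# (firewall-cmd --permanent --list-all) and reports ports that differ.
# A port present only at runtime was opened without --permanent and will
# vanish on the next reload or reboot; a port present only in the saved
# configuration was removed without --permanent and will come back.
# Assumptions: the fw_* function names are mine, and the two sample outputs
# below are constructed for illustration, not captured from a real host.

# Print the value of one field (e.g. "ports", "sources", "services") from
# --list-all output read on stdin. The leading anchor keeps "ports:" from
# matching the "source-ports:" and "forward-ports:" lines.
fw_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p"
}

# Print every item of space-separated list $1 that is not in list $2.
fw_missing() {
    for item in $1; do
        found=0
        for other in $2; do
            [ "$item" = "$other" ] && found=1
        done
        [ "$found" -eq 0 ] && echo "$item"
    done
    return 0
}

# Report port drift between two --list-all outputs for the same zone.
# Usage: fw_port_drift "$RUNTIME_OUTPUT" "$PERMANENT_OUTPUT"
fw_port_drift() {
    rt=$(printf '%s\n' "$1" | fw_field ports)
    pm=$(printf '%s\n' "$2" | fw_field ports)
    for p in $(fw_missing "$rt" "$pm"); do echo "runtime-only $p (lost on reload)"; done
    for p in $(fw_missing "$pm" "$rt"); do echo "permanent-only $p (returns on reload)"; done
    return 0
}

# Run the audit against the live host (needs firewalld and sudo).
fw_port_drift_live() {
    zone=${1:-public}
    fw_port_drift "$(sudo firewall-cmd --zone="$zone" --list-all)" \
                  "$(sudo firewall-cmd --permanent --zone="$zone" --list-all)"
}

# Constructed sample: 514/udp was opened at runtime only, and 3306/tcp was
# removed at runtime only.
SAMPLE_RUNTIME='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 80/tcp 514/udp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

SAMPLE_PERMANENT='public
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 80/tcp 3306/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# Demonstration on the constructed samples.
fw_port_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
```

On a real host, call fw_port_drift_live with the zone name (public by default); an empty report means the running and saved port lists agree. The same fw_field helper can be pointed at the sources or services line to audit those the same way.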