Management of Port in Firewalld

About

This page is about the management of port within firewalld

Name

Ports can be named:

• numerically with the internet protocol. ie: for a HTTP server port
  • 80/tcp
  • or 80 (as tcp is the default)
• or with the notion of service (ie http service)

If the service is not known, you can add the port manually.

Example of service definition:

cat /usr/lib/firewalld/services/http.xml

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>WWW (HTTP)</short>
  <description>HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.</description>
  <port protocol="tcp" port="80"/>
</service>

How to

Add a port

With the Shell firewall cmd

firewall-cmd --zone=public --add-port=5000/tcp --permanent
firewall-cmd --reload

With Ansible - Ansible command line

- name: "Open the web console port"
  become: yes
  firewalld:
    port: 8443/tcp
    permanent: yes
    state: enabled
  notify: firewalld reload

• Handler to restart ie firewall-cmd –reload

- name: "firewalld reload"
  systemd:
    state: restarted
    name: firewalld

List Port

firewall-cmd --zone=public --list-ports

Remove Port

firewall-cmd --zone=public --remove-port=22/tcp --permanent

then reload