Published February 16, 2018 by

Open/Close a Port in Firewall on CentOS/RedHat 7

RHEL 7/CentOS 7 introduced firewalld as a replacement for the previous iptables service.

Firewalld provides a dynamically managed firewall with support for network/firewall zones to define the trust level of network connections or interfaces. It supports both IPv4 and IPv6 firewall settings. The firewall model with iptables was static, and every change required a complete firewall restart.

In this tutorial, we learn how to enable/disable a port in the firewall.

To check the current firewall rules, use the following command:

# sudo iptables -L


To check the currently allowed ports in the firewall, use the following command:


# firewall-cmd --zone=public --list-ports

Open/Enable Port

Firewall rule settings are managed by the firewalld service daemon. A command-line client called firewall-cmd talks to this daemon to update firewall rules permanently.

For example, to open port TCP/80 permanently, use the following commands:

# sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
# sudo firewall-cmd --reload

Don't forget the --permanent flag. Without it, the firewall rule will not survive a reboot.


Close/Disable/Remove Port

For example, to close port TCP/80 permanently, use the following commands:

# firewall-cmd --zone=public --remove-port=80/tcp --permanent
# sudo firewall-cmd --reload

Here too, don't forget the --permanent flag. Without it, the change will not survive a reboot.
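
To confirm that an opened or closed port will survive a reboot, compare the runtime and permanent port lists of the zone. The script below is an added example, not part of the original tutorial; the function names port_drift and check_zone are made up for illustration, and the port lists shown in its comments are constructed samples.

```shell
#!/bin/sh
# Compare firewalld's runtime and permanent port lists for a zone.
#   runtime-only   : added without --permanent, lost at the next reload or reboot
#   permanent-only : saved with --permanent, not active until --reload

# port_drift RUNTIME PERMANENT
# Each argument is a space-separated list as printed by --list-ports,
# e.g. "80/tcp 443/tcp" (constructed sample). Entries are compared as
# exact strings, so a range such as 8000-8010/tcp only matches itself.
# Prints one line per mismatch; returns 1 if the lists differ, 0 otherwise.
port_drift() (
    set -f                        # no glob expansion while word-splitting
    runtime=$1 permanent=$2 drift=0
    for p in $runtime; do
        case " $permanent " in
            *" $p "*) ;;
            *) echo "runtime-only $p"; drift=1 ;;
        esac
    done
    for p in $permanent; do
        case " $runtime " in
            *" $p "*) ;;
            *) echo "permanent-only $p"; drift=1 ;;
        esac
    done
    exit "$drift"                 # subshell body: exit status is the return value
)

# check_zone [ZONE]
# Queries firewalld for both configurations of ZONE (default: public).
# Returns 2 if firewall-cmd fails, otherwise the result of port_drift.
check_zone() {
    zone=${1:-public}
    rt=$(firewall-cmd --zone="$zone" --list-ports) || return 2
    pm=$(firewall-cmd --permanent --zone="$zone" --list-ports) || return 2
    port_drift "$rt" "$pm"
}
```

Run check_zone public as root on a host where firewalld is running; no output and exit status 0 mean the runtime and permanent configurations agree.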