Monday, December 07, 2020

Firewall-cmd to open ports

My notes to open internal firewall on a newly built server.


On a newly built Red Hat or Oracle Linux server, all ports are blocked by the host firewall (firewalld) by default.

I installed Oracle and the listener is running on port 1521. I was not able to access the port from other servers or from the network. The fix is to open the internal firewall; this can be done using either the GUI or the command-line options.


Important

Always run "firewall-cmd --reload" after adding or removing a port or service with --permanent. A --permanent change is written to the saved configuration only; the running firewall does not pick it up until the reload, so a port that looks "added" is still closed until then.


Verify opened ports

$ firewall-cmd --list-ports


Add Ports - TCP/UDP

$ firewall-cmd --permanent --add-port=1521/tcp

$ firewall-cmd --permanent --add-port=7001-7099/tcp 

$ firewall-cmd  --permanent --list-ports

(no output)

$ firewall-cmd  --reload

$ firewall-cmd  --list-ports

1521/tcp 7001-7099/tcp 
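The add / reload / verify sequence above is easy to get wrong when the reload is skipped. As an added example (not part of the original notes), the helper below compares the runtime and permanent port lists so that ports still waiting for a reload, or runtime-only ports that will vanish on the next reload, are reported. The string helpers run anywhere; open_port_verified assumes firewall-cmd is on PATH and is run as root.

```shell
#!/bin/sh
# Added example: spot drift between firewalld's runtime and permanent config.
# list_diff / pending_after_reload / runtime_only work on plain strings (the
# space-separated output of "firewall-cmd --list-ports"), so they can be
# exercised without firewalld. Sample inputs in comments are constructed.

# Print each entry of list $2 that is absent from list $1.
list_diff() {
    have=" $1 "
    for entry in $2; do
        case "$have" in
            *" $entry "*) ;;                 # already present, skip
            *) printf '%s\n' "$entry" ;;     # missing from $1
        esac
    done
}

# Ports in the permanent config but not yet live: the "forgot --reload" case.
# pending_after_reload "" "1521/tcp 7001-7099/tcp"  ->  both ports
pending_after_reload() {
    list_diff "$1" "$2"      # $1 = runtime list, $2 = permanent list
}

# Ports that exist only at runtime (added without --permanent): they are lost
# on the next reload or reboot, which usually surprises people after a patch.
runtime_only() {
    list_diff "$2" "$1"      # $1 = runtime list, $2 = permanent list
}

# Open a port permanently, reload, and confirm it is really live.
# Usage (as root): open_port_verified 1521/tcp
open_port_verified() {
    port="$1"
    firewall-cmd --permanent --add-port="$port" >/dev/null || return 1
    firewall-cmd --reload >/dev/null || return 1
    runtime=$(firewall-cmd --list-ports)
    permanent=$(firewall-cmd --permanent --list-ports)
    if [ -n "$(pending_after_reload "$runtime" "$permanent")" ]; then
        echo "warning: permanent config still differs from runtime" >&2
        return 2
    fi
    case " $runtime " in
        *" $port "*) echo "$port is open" ;;
        *) echo "$port not found in runtime config" >&2; return 1 ;;
    esac
}
```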


Add Service - Instead of a raw TCP/UDP port, you can also allow a predefined firewalld service by name

$ firewall-cmd --permanent --add-service=ssh

$ firewall-cmd --permanent --add-service=http

Remove Port

$ firewall-cmd --permanent --remove-port=444/udp

$ firewall-cmd --permanent --remove-port=1521/tcp

$ firewall-cmd --permanent --remove-port=7001-7099/tcp 


Show everything in the active zone (services, ports and rich rules together):

$ firewall-cmd --list-all

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client postgresql ssh
  ports: 1521/tcp 1522/tcp 22/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


