The best thing about CentOS 7 is, it has a super easy firewall built-in. I recommend you not to disable the firewall.

To check the active zones:

[root@rh7 ~]# firewall-cmd --get-active-zones
  interfaces: enp1s0f0

To get available service names:

[root@rh7 ~]# firewall-cmd --get-services
RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns ftp high-availability http https imaps ipp ipp-client ipsec kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba samba-client smtp ssh telnet tftp tftp-client transmission-client vnc-server wbem-https

If the service you want to enable listed with the command above, you don’t have to write explicit port number, to allow a service permanently:

[root@rh7 ~]# firewall-cmd --zone=public --add-service=https --permanent

If the desired service is not available such as POP3 use the following command:

[root@rh7 ~]# firewall-cmd --zone=public --add-port=110/tcp --permanent

When you finish adding/removing rules, apply them with the command:

[root@rh7 ~]# firewall-cmd --reload

To check the services enabled on the zone public:

[root@rh7 ~]# firewall-cmd --zone=public --list-all
public (default, active)
  interfaces: enp1s0f0
  services: dhcpv6-client http https imaps pop3s smtp ssh
  ports: 7071/tcp 110/tcp
  masquerade: no
  rich rules:

Leave a Reply

Your email address will not be published.