firewall-offline-cmd is an offline command-line client of the firewall daemon. This should only be used when the Firewall service is not running. A port can be added or removed through firewall-offline-cmd in case the firewall is not active.
firewall-offline-cmd command example
1. To add a port:
# firewall-offline-cmd --port=XXXX:tcp
2. To remove a port:
# firewall-offline-cmd --remove-port=XXXX/tcp
3. If no zone is defined, the port will be added to the default zone. To add a port to a specific region:
# firewall-offline-cmd --zone=[zone-name] --add-port=XXXX/tcp
4. To remove a port from a specific region:
# firewall-offline-cmd --zone=[zone-name] --remove-port=XXXX/tcp
Since the port is connected [zone-name]In the .xml file, the port will remain associated even after enabling or reloading the Firewall service.
5. To list all ports under a particular region:
# firewall-offline-cmd --zone=[zone-name] --list-all
6. To list all ports under all regions:
# firewall-offline-cmd --list-all
Comment:Replace XXXX with the actual port number.
See the man page for more information on firewall-offline-cmd.
$ man firewall-offline-cmd
Before running any of the above commands, make sure that the Firewall service is offline. Changes to the firewall configuration using the firewall-offline-cmd command should be made only when the firewall service is offline.
# systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:firewalld(1)