How to Add or Remove Ports When Firewall is Disabled – Ranjan.info


There may be cases when you need to add or remove ports while the firewall is disabled. In such cases “firewall-offline-cmd” can be used, as it is the offline command-line client of the firewall daemon: a port can be added or removed with firewall-offline-cmd when the firewall is not active.

Comment: Please make sure to use the firewall-offline-cmd command to add or remove ports only when the firewall is disabled; when firewalld is running, use firewall-cmd instead.

Verify Firewall Status

Before proceeding, make sure that the firewall status is Offline (Dead).

# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

As the above output shows, the firewall status is inactive (dead).

Adding a port to the default zone

1. The syntax to add a port with firewall-offline-cmd is:

# firewall-offline-cmd --add-port=[port]/tcp

2. Now try adding port 9988:

# firewall-offline-cmd --add-port=9988/tcp
Adding port '9988/tcp' to default zone.
success

By default, when you do not provide a zone name, the port is added to the default zone (here “public”).

3. To verify port addition:

# firewall-offline-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: ssh dhcpv6-client
  ports: 9988/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

Adding a port to a specific zone

1. The syntax to add a port to a specific zone is:

# firewall-offline-cmd --zone=[zone-name] --add-port=[port]/tcp

2. For example, add port 9988 to the “myzone” zone:

# firewall-offline-cmd --zone=myzone --add-port=9988/tcp
success

Here port 9988/tcp has been added to the “myzone” zone.

3. To verify port addition:

# firewall-offline-cmd --zone=myzone --list-all
myzone
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: 
  ports: 9988/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

Removing a port

1. To remove a port from the default zone:

# firewall-offline-cmd --remove-port=[port]/tcp

2. To remove it from a specific zone:

# firewall-offline-cmd --zone=[zone-name] --remove-port=[port]/tcp

3. To verify port removal, use the commands below:

For the default zone:

# firewall-offline-cmd --list-all

For a specific zone (myzone):

# firewall-offline-cmd --zone=myzone --list-all
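The steps above are easy to get wrong in two ways: running the offline client while firewalld is actually active, and writing the port as 9988:tcp instead of 9988/tcp. The following shell wrapper, an added example that is not part of the original post, checks both before calling firewall-offline-cmd, and includes a small parser for the --list-all output so a script can confirm that a port is really present in a zone. The function names (offline_ok, port_spec_ok, zone_has_port, add_port_offline) and the embedded sample output are this example's own; only the firewall-offline-cmd and systemctl invocations come from the post.

```shell
#!/bin/sh
# Added example: guard firewall-offline-cmd with the checks the post describes.
# Function names are this example's own, not part of firewalld.

# Given the word printed by `systemctl is-active firewalld`, return 0 only
# when it is safe to use the offline client (daemon not running).
offline_ok() {
    case "$1" in
        inactive|failed|unknown) return 0 ;;
        *) return 1 ;;
    esac
}

# firewalld wants PORT/PROTO (or a PORT-PORT/PROTO range); reject "9988:tcp".
port_spec_ok() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+(-[0-9]+)?/(tcp|udp|sctp|dccp)$'
}

# Read `firewall-offline-cmd [--zone=Z] --list-all` output on stdin and
# return 0 if the wanted PORT/PROTO appears on the "ports:" line.
zone_has_port() {
    awk -v want="$1" '
        $1 == "ports:" { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# Add a port offline, only after confirming firewalld is not running
# and the port specification is well formed. ZONE may be empty (default zone).
add_port_offline() {
    zone="$1"; port="$2"
    state=$(systemctl is-active firewalld 2>/dev/null) || true
    [ -n "$state" ] || state=unknown
    if ! offline_ok "$state"; then
        echo "firewalld is '$state'; use firewall-cmd instead" >&2
        return 1
    fi
    if ! port_spec_ok "$port"; then
        echo "bad port spec '$port' (expected e.g. 9988/tcp)" >&2
        return 1
    fi
    if [ -n "$zone" ]; then
        firewall-offline-cmd --zone="$zone" --add-port="$port"
    else
        firewall-offline-cmd --add-port="$port"
    fi
}

# Constructed sample of --list-all output, matching the post's "public" zone,
# so zone_has_port can be exercised without firewalld installed.
SAMPLE_LIST_ALL='public
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: ssh dhcpv6-client
  ports: 9988/tcp
  protocols: 
  masquerade: no'

# Usage on a real host (not run here):
#   add_port_offline ""       9988/tcp   # default zone
#   add_port_offline myzone   9988/tcp   # specific zone
#   firewall-offline-cmd --list-all | zone_has_port 9988/tcp && echo present
```

zone_has_port reads the same --list-all text shown in the verification steps, so it can be chained after either the default-zone or the --zone=myzone listing; the sample string at the bottom only exists so the parser can be tried offline.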

To learn more about the firewall-offline-cmd command, see its man page:

$ man firewall-offline-cmd


By Ranjan