12

I need to open multiple different ports (not in ranges) on a CentOS machine.

I know how to open a port with firewall-cmd, but that gets bothersome for opening like 40 and more ports.

Is there a configuration file where I can define all open ports in one place? Sadly I didn't find anything regarding this.

7 Answers

12
firewall-cmd --permanent --add-port={80/tcp,443/tcp,9200/tcp,5601/tcp,5044/tcp}
firewall-cmd --reload
downtheroad
8

You can always make a small script/one-liner:

#!/bin/bash
# Runtime rules only: add --permanent (and then firewall-cmd --reload) to keep them across reloads
for i in 80 443 22 123 21 1337 31337
do
  firewall-cmd --zone=public --add-port=${i}/tcp
done
mtak
7

If those open ports are in a range for example 2379-2385, you can do as follows:

firewall-cmd --zone=zone_name --add-port=2379-2385/tcp

To make it permanent, add the --permanent option at the end.

Steephen
4

You can define a service from an XML file containing all the ports you need, add a service from it and then enable it. Create the service.xml file like so:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <port port="port1" protocol="proto1"/>
  <port port="port2" protocol="proto2"/>
  <port port="port3" protocol="proto3"/>
  <port port="port4" protocol="proto4"/>
</service>

Add new service:

# firewall-offline-cmd --new-service-from-file=service.xml --name=My_Service

Reload firewall-cmd:

# firewall-cmd --reload

Then add your service:

# firewall-cmd --add-service My_Service
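The loop in mtak's answer and the service file in this answer both start from the same list of ports. The script below, added here as an example and not posted by anyone in the thread, keeps that list in one plain text file (which is what the question asked for), validates every entry before it gets anywhere near the firewall, renders the firewalld service XML from it, and diffs the list against the output of firewall-cmd --list-ports so that an unexpectedly open port is noticed. The file format, the sample port list and the my_stack service name are assumptions of this example; the firewall-cmd commands in the comments are the standard ones and are not executed by the script.

```shell
#!/bin/sh
# Added example, not code from the thread. One source of truth for the open
# ports: a text file with one "port/proto" or "lo-hi/proto" per line ('#'
# comments allowed). From it we (1) validate every entry, (2) render a
# firewalld service definition like the one above, and (3) diff the intent
# against what `firewall-cmd --list-ports` reports, so stray open ports show up.
# Assumed formats: firewalld service XML and the space-separated output of
# `firewall-cmd --list-ports` ("80/tcp 443/tcp 2379-2385/tcp").

# valid_port_spec SPEC -> 0 if SPEC is "port/proto" or "lo-hi/proto" with
# proto in tcp/udp/sctp/dccp and 1 <= lo <= hi <= 65535, else 1.
valid_port_spec() {
  spec=$1
  port=${spec%%/*}
  proto=${spec#*/}
  [ "$spec" = "$port" ] && return 1                # no "/proto" part
  case $proto in tcp|udp|sctp|dccp) ;; *) return 1 ;; esac
  case $port in ''|-*|*-|*-*-*) return 1 ;; esac   # "", "-80", "80-", "1-2-3"
  lo=${port%%-*}
  hi=${port##*-}
  case "$lo$hi" in *[!0-9]*) return 1 ;; esac      # digits only
  [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# normalize_desired < file -> valid specs, one per line, comments and
# whitespace removed, deduplicated; malformed lines go to stderr and are dropped.
normalize_desired() {
  sed 's/#.*//; s/[[:space:]]//g' | grep -v '^$' | sort -u |
  while IFS= read -r spec; do
    if valid_port_spec "$spec"; then
      printf '%s\n' "$spec"
    else
      printf 'ignoring malformed entry: %s\n' "$spec" >&2
    fi
  done
}

# render_service_xml SHORT DESCRIPTION < specs -> firewalld service XML.
# SHORT and DESCRIPTION are assumed to contain no XML-special characters.
render_service_xml() {
  printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
  printf '  <short>%s</short>\n  <description>%s</description>\n' "$1" "$2"
  while IFS= read -r spec; do
    printf '  <port port="%s" protocol="%s"/>\n' "${spec%%/*}" "${spec#*/}"
  done
  printf '</service>\n'
}

# port_drift DESIRED_TEXT ACTUAL_LIST -> "missing X" for intended ports that
# are not open and "extra X" for open ports that nobody asked for.
port_drift() {
  desired=$(printf '%s\n' "$1" | normalize_desired)
  actual=$2
  for d in $desired; do
    case " $actual " in *" $d "*) ;; *) echo "missing $d" ;; esac
  done
  for a in $actual; do
    case " $(printf '%s ' $desired)" in *" $a "*) ;; *) echo "extra $a" ;; esac
  done
}

# --- constructed sample input (not from a real host) ---------------------
DESIRED='# web front end and log shipping
80/tcp
443/tcp
5044/tcp
2379-2385/tcp
bogus/tcp   # malformed on purpose: reported on stderr, then ignored
'
# On a real host you would use: ACTUAL=$(firewall-cmd --zone=public --list-ports)
ACTUAL='80/tcp 443/tcp 9200/tcp 2379-2385/tcp'

# 1+2: validated list -> service definition (write it to my_stack.xml to use it)
printf '%s\n' "$DESIRED" | normalize_desired | render_service_xml my_stack 'Ports for my stack'
# To install it (needs root and firewalld; not run here):
#   firewall-cmd --permanent --new-service-from-file=my_stack.xml --name=my_stack
#   firewall-cmd --permanent --zone=public --add-service=my_stack
#   firewall-cmd --reload

# 3: compare intent with reality
port_drift "$DESIRED" "$ACTUAL"
# prints:  missing 5044/tcp
#          extra 9200/tcp
```

Run it periodically (or from a configuration management hook) and treat any "extra" line as something to investigate: a port opened by hand with --add-port and never written down is exactly the kind of change that this list-in-one-file approach is meant to prevent.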

1

Even though this is a very old question, it can get really "interesting", so I thought I should answer it.

Every possible port in a single line

# simple
firewall-cmd --add-port={80,443}/tcp

Both protocols

firewall-cmd --add-port={80,443}/{tcp,udp}

It can be a bit complex; note the nested parentheses:

firewall-cmd --add-port={{80,443}/{tcp,udp},{110,995}/tcp}

Then have a look at what you've done :) by typing

firewall-cmd --list-ports

But services are nicer

I've also experimented with --add-service, whose names can be found in /etc/services. It's even nicer than using ports. Both the names and the ports are in that file, so you can list some of them:

grep -E 'http|imap|pop3|smtp|dns|ftp' /etc/services

We can open ports by entering the following:

# readable
firewall-cmd --add-service={http,https}
firewall-cmd --list-services

That's it for the moment.

Vladan
0

I had to do the same yesterday and the following was handy.

firewall-cmd --permanent --add-port={1111,2222,3333,4445}/tcp && firewall-cmd --reload

You can list the required ports within braces {} followed by a slash and the protocol.

If the ports are consecutive, you can write them as a range, like the following.

firewall-cmd --permanent --add-port=4444-4448/tcp && firewall-cmd --reload

Run the following to ensure the ports are open:

firewall-cmd --list-ports

0

The command below will accept traffic from ports 22, 53 and 80 (see source):

/sbin/iptables -A INPUT -p tcp --match multiport --dports 22,53,80 -j ACCEPT

I prefer this variation, where a reload is required for permanent rules only:

sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dport 22,53,80 -j ACCEPT && sudo firewall-cmd --reload