CentOS 7
On CentOS 7, firewall-cmd is used to maintain the firewall.
List All Rules
firewall-cmd --list-all
Allow a port
This example allows a TCP port through the firewall, for all network interfaces in the "public" zone:
firewall-cmd --zone=public --add-port=3306/tcp --permanent
This example allows a UDP port through the firewall, for all network interfaces in the "public" zone:
firewall-cmd --zone=public --add-port=20202/udp --permanent
This example removes a previously allowed TCP port from the "public" zone:
firewall-cmd --zone=public --remove-port=3306/tcp --permanent
Reload the firewall
This makes the port changes active:
firewall-cmd --reload
If port changes are specified without the --permanent flag, they will be active, but not permanent. The following command makes them permanent:
firewall-cmd --runtime-to-permanent
CentOS 6
On CentOS 6, iptables is used to maintain the firewall.
Caution: iptables is cryptic and sometimes rather stupid. In particular, it will add multiple rules for the same port, and does not check whether the port is already open.
List All Rules
iptables -L -n
The -n option causes the ports to be listed numerically.
Alternatively:
iptables-save > iptables_rules
less iptables_rules
This method is particularly useful for cleaning up duplicated rules.
Allow a port
This example allows a TCP port through the firewall:
iptables -I INPUT 4 -p tcp -m tcp --dport 3306 -j ACCEPT
service iptables save
This example allows a UDP port through the firewall:
iptables -I INPUT 4 -p udp -m udp --dport 20202 -j ACCEPT
service iptables save
Reload the firewall
This makes the port changes permanent:
service iptables save
Delete a rule
The simplest way to delete rules in iptables is to save the configuration, edit it, and restore it:
First, save the rules:
iptables-save > iptables_rules
Now edit the rules:
vi iptables_rules
Now restore the rules, with the changes made, and make them permanent:
iptables-restore < iptables_rules
service iptables save
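The duplicated rules mentioned in the caution above can be filtered out of the saved file instead of being hunted down by hand in the editor. The following is an added example, not part of the original page: the function names dedupe_rules and sample_dump are hypothetical, and the dump is constructed sample data.

```shell
#!/bin/sh
# Added example; dedupe_rules and sample_dump are hypothetical helper names.

# Read an iptables-save dump on stdin and write it to stdout with repeated
# rules removed. The first copy of each rule is kept, so rule order (and
# therefore first-match behaviour) is unchanged. Nothing is loaded into
# the running firewall.
dedupe_rules() {
    awk '
        /^\*/ { split("", seen) }   # new table (*filter, *nat, ...): reset
        {
            key = $0
            # iptables-save -c prefixes rules with [packets:bytes]; ignore it
            sub(/^\[[0-9]+:[0-9]+\] /, "", key)
            if (key ~ /^-A /) {
                if (key in seen) next   # exact repeat within this table
                seen[key] = 1
            }
            print
        }
    '
}

# Constructed sample dump (not taken from a real host).
sample_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p udp -m udp --dport 20202 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo: print the cleaned sample dump.
sample_dump | dedupe_rules
```

On a real host, run dedupe_rules < iptables_rules > iptables_rules.clean, compare the two files with diff, and only then restore from the cleaned file and save as shown above.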