...
This example allows a UDP port through the firewall, for all network interfaces in the "public" zone:
firewall-cmd --zone=public --add-port=20202/udp --permanent
Delete a rule
firewall-cmd --zone=public --remove-port=3306/tcp --permanent
Reload the firewall
This makes the port changes active:
firewall-cmd --reload
...
If port changes are specified without the --permanent flag, they will be active, but not permanent. The following command makes them permanent:
firewall-cmd --zone=public --remove-port=3306/tcp
...
runtime-to-permanent
CentOS 6
On CentOS 6, iptables is used to maintain the firewall.
Caution: iptables is cryptic and sometimes rather stupid. In particular, it will add multiple rules for the same port, and does not check whether the port is already open.
List All Rules
iptables -L -n
The -n option causes the ports to be listed numerically.
Alternatively:
iptables-save > iptables_rules
less iptables_rules
This method is particularly useful for cleaning up duplicated rules.
Allow a port
This example allows a TCP port through the firewall:
iptables -I INPUT 4 -p tcp -m tcp --dport 3306 -j ACCEPT
service iptables save
This example allows a UDP port through the firewall, for all network interfaces:
iptables -I INPUT 4 -p udp -m udp --dport 20202 -j ACCEPT
service iptables save
Reload the firewall
This makes the port changes permanent:
service iptables save
Delete a rule
The simplest way to delete rules in iptables is to save and restore the configuration:
First, save the rules:
iptables-save > iptables_rules
Now edit the rules:
vi iptables_rules
Now restore the rules, with the changes made:
iptables-restore < iptables_rules
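The same save/edit/restore procedure can be used to clean up the duplicated rules mentioned in the caution above without hand-editing. The following is an added example, not part of the original page; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# dedupe_rules: read iptables-save text on stdin and write it to stdout with
# repeated rules dropped. Only exact repeats with a terminating target
# (ACCEPT, DROP, REJECT) are dropped: a later copy of such a rule can never
# match a packet, so removing it does not change what the firewall does.
dedupe_rules() {
    awk '
        /^\*/ { table = $0 }    # "*filter", "*nat", ...: start of a table
        /^-A / && / -j (ACCEPT|DROP|REJECT)( |$)/ {
            if (seen[table SUBSEP $0]++) next
        }
        { print }
    '
}

# count_duplicates: print how many lines dedupe_rules would drop.
count_duplicates() {
    awk '
        /^\*/ { table = $0 }
        /^-A / && / -j (ACCEPT|DROP|REJECT)( |$)/ && seen[table SUBSEP $0]++ { n++ }
        END { print n + 0 }
    '
}

# Constructed sample in iptables-save format: port 3306 was opened three times.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p udp -m udp --dport 20202 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Intended use on a real host (review the diff before restoring):
#   iptables-save > iptables_rules
#   dedupe_rules < iptables_rules > iptables_rules.dedup
#   diff iptables_rules iptables_rules.dedup
#   iptables-restore < iptables_rules.dedup
echo "duplicates in sample: $(sample_rules | count_duplicates)"
```

After restoring, run service iptables save so the cleaned ruleset is kept.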