How do I completely block port using firewalld?


Solution 1

The way I solved it is I added a rich rule in the trusted zone:

rule family="ipv4" port port="6" protocol="tcp" drop

From what I know, rich rules are applied first. It seems to be working correctly in my case.

Solution 2

Some generic commands are below:

firewall-cmd --list-ports
firewall-cmd --get-zones
firewall-cmd --zone=public --add-port=5000/tcp

Updated the URL Aleksandar Pavić reported. Thanks, Aleksandar Pavić.

For more docs and details, please check: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-controlling_traffic#sec-Controlling_Ports_using_CLI



Radu Murzea

I'm a backend PHP developer working for Pentalog, where I build awesome applications using the amazing Symfony framework. My current location is Cluj-Napoca (Romania), one of Eastern Europe's main IT outsourcing center. I thrive in challenging environments and am never afraid to get my hands dirty. My passions include software development, psychology and poker.

Updated on September 18, 2022

Comments

  • Radu Murzea
    Radu Murzea almost 2 years

    Disclaimer: It's the first time I use firewalld, so be gentle :).


    I have a CentOS machine and I want to implement the following requirements using firewalld:

    • Allow connections from anywhere to ports 1, 2, 3, 4.
    • Allow connections to port 5 only from IP addresses IP1, IP2 and IP3
    • Completely block connections to port 6, from anywhere.

    So I did this:

    • added the ports 1, 2, 3 and 4 to the public zone
    • added port 5 and IP addresses IP1, IP2 and IP3 to zone trusted

    Now the zones look like this:

    public (active)
      target: default
      icmp-block-inversion: no
      interfaces: eno12345
      sources:
      services: ssh dhcpv6-client
      ports: 1/tcp 2/tcp 3/tcp 4/tcp
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:
    
    trusted (active)
      target: ACCEPT
      icmp-block-inversion: no
      interfaces:
      sources: IP1 IP2 IP3
      services:
      ports: 5/tcp
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:
    

    Note: public is the default zone.

    So the first 2 rules seem to be applied correctly.

    However, I got stuck with the final rule (completely block port 6). I tried multiple solutions and none seem to work.

    1). What should I do to apply this?

    2). How come I can connect through port 6 even though it's not explicitly listed as allowed in the firewalld configuration? No rule about it is added in iptables either.
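The following script is an added example; it is not code from the question or from either answer. It reproduces the zone layout described in the question with firewall-cmd (ports 1 to 4 in public, port 5 and the three source addresses in trusted) and then applies the drop rich rule from Solution 1 for port 6, with a check that the rule is present afterwards. The point it makes explicit: the trusted zone has target ACCEPT, so from IP1, IP2 and IP3 every port (including 6) is accepted unless a rule of the zone's own says otherwise, and a drop rich rule is evaluated before the zone target. IP1, IP2 and IP3 are the question's placeholders; the 192.0.2.x documentation addresses, the function names and the `--apply` switch are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the question or either answer. It builds the
# question's zones with firewall-cmd and adds the drop rich rule from Solution 1
# for port 6 in the trusted zone, then verifies the rule is listed.
# The addresses below are assumed stand-ins for the question's IP1 IP2 IP3.

TRUSTED_SOURCES="192.0.2.10 192.0.2.11 192.0.2.12"

# Build the rich-rule string that drops one port, in the form used by Solution 1.
build_drop_rule() {
    printf 'rule family="ipv4" port port="%s" protocol="%s" drop' "$1" "${2:-tcp}"
}

# Check a `firewall-cmd --zone=Z --list-rich-rules` listing for a drop rule
# covering the given port/protocol. Works on saved output, so it is testable
# without a live firewall.
has_drop_rule() {
    port="$1"; proto="$2"; listing="$3"
    printf '%s\n' "$listing" | grep -q "port port=\"$port\" protocol=\"$proto\" drop"
}

# Apply a change to the runtime configuration and to the permanent one, so it
# is active now and also survives a reload or reboot (a --permanent change on
# its own is not active until the next --reload).
fwcmd() {
    firewall-cmd "$@" && firewall-cmd --permanent "$@"
}

# The question's layout: ports 1-4 open in public; port 5 plus the trusted
# source addresses in trusted; then the drop rule from Solution 1.
configure_zones() {
    for p in 1 2 3 4; do
        fwcmd --zone=public --add-port="$p/tcp" || return 1
    done
    for ip in $TRUSTED_SOURCES; do
        fwcmd --zone=trusted --add-source="$ip" || return 1
    done
    fwcmd --zone=trusted --add-port=5/tcp || return 1
    # trusted has target ACCEPT: traffic from its sources is accepted on any
    # port unless a rule of the zone says otherwise. Rich rules are evaluated
    # before the zone target, so this drop closes port 6 for those sources.
    fwcmd --zone=trusted --add-rich-rule="$(build_drop_rule 6 tcp)"
}

# Confirm the drop rule is actually present in the runtime configuration.
verify_block() {
    listing=$(firewall-cmd --zone=trusted --list-rich-rules)
    has_drop_rule 6 tcp "$listing"
}

# Constructed sample in the shape --list-rich-rules prints, for an offline check.
SAMPLE_LISTING='rule family="ipv4" port port="6" protocol="tcp" drop'

# Only touch the live firewall when explicitly asked and the tool is installed.
if [ "${1:-}" = "--apply" ] && command -v firewall-cmd >/dev/null 2>&1; then
    configure_zones && verify_block && echo "drop rule for 6/tcp present in trusted"
fi
```

Run it as `sh block.sh --apply` on the CentOS host as root to apply the layout; without `--apply` it only defines the functions, so `has_drop_rule` can be exercised against saved listings. Note that the drop rule lives in trusted because that is the only zone whose target accepts unmatched traffic; the public zone's `target: default` already rejects ports it does not list.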

  • Aleksandar Pavić
    Aleksandar Pavić over 2 years
    Link is dead 404...