I need to open multiple different ports (not in ranges) on a CentOS machine.
I know how to open a port with firewall-cmd, but that gets bothersome for opening like 40 and more ports.
Is there a configuration file where I can define all open ports in one place? Sadly I didn't find anything regarding this.
5 Answers
You can define a service from an xml file containing all the ports you need, add a service from it and then enable it. Create the service.xml file like so:
<?xml version="1.0" encoding="utf-8"?>
<service>
  <port port="port1" protocol="proto1"/>
  <port port="port2" protocol="proto2"/>
  <port port="port3" protocol="proto3"/>
  <port port="port4" protocol="proto4"/>
</service>
Add new service:
# firewall-offline-cmd --new-service-from-file=service.xml --name=My_Service
Reload firewall-cmd:
# firewall-cmd --reload
Then add your service:
# firewall-cmd --add-service My_Service
You can always make a small script/one-liner:
#!/bin/bash
for i in 80 443 22 123 21 1337 31337
do
    firewall-cmd --zone=public --add-port=${i}/tcp
done
If those open ports are in a range, for example 2379-2385, you can do as follows:
firewall-cmd --zone=zone_name --add-port=2379-2385/tcp
To make it permanent, add the --permanent option at the end.
firewall-cmd --permanent --add-port={80/tcp,443/tcp,9200/tcp,5601/tcp,5044/tcp}
firewall-cmd --reload
I had to do the same yesterday and the following was handy.
firewall-cmd --permanent --add-port={1111,2222,3333,4445}/tcp && firewall-cmd --reload
You can include the required ports within braces {} followed by a slash / protocol.
If the ports are consecutive, you can mention them like the following.
firewall-cmd --permanent --add-port=4444-4448/tcp && firewall-cmd --reload
Run the following to ensure the ports are open:
firewall-cmd --list-ports
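Added example, not part of any answer above: a shell function that generates the service.xml described in the first answer from a flat port list, rejecting malformed entries and merging consecutive ports into ranges like the ones the later answers write by hand. The function name ports_to_service_xml, the `<short>` element and the sample ports are assumptions of this example.

```sh
#!/bin/sh
# Added example: build a firewalld service definition from a flat list
# of port/protocol pairs (function name and sample ports are assumptions).
ports_to_service_xml() {
    name=$1
    [ "$#" -ge 2 ] || { echo "usage: NAME port/proto ..." >&2; return 1; }
    shift
    # The name is written into the XML, so restrict its character set.
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "bad service name: $name" >&2; return 1 ;;
    esac
    # Validate every entry before emitting anything, so a typo cannot
    # silently open an unintended port.
    for spec in "$@"; do
        port=${spec%/*} proto=${spec#*/}
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port: $spec" >&2; return 1 ;;
        esac
        case $proto in
            tcp|udp|sctp|dccp) ;;
            *) echo "bad protocol: $spec" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $spec" >&2; return 1
        fi
    done
    printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
    printf '  <short>%s</short>\n' "$name"
    # Sort by protocol then port, drop duplicates, merge consecutive ports.
    printf '%s\n' "$@" | tr '/' ' ' | sort -u -k2,2 -k1,1n | awk '
        function emit() {
            if (!seen) return
            range = (first == last) ? first : (first "-" last)
            printf "  <port port=\"%s\" protocol=\"%s\"/>\n", range, proto
        }
        { port = $1 + 0 }
        seen && $2 == proto && port == last + 1 { last = port; next }
        { emit(); seen = 1; proto = $2; first = last = port }
        END { emit() }'
    printf '</service>\n'
}

# Constructed sample list: scattered ports, a duplicate, and a 2379-2385 run.
ports_to_service_xml My_Service 80/tcp 443/tcp 123/udp 443/tcp \
    2379/tcp 2380/tcp 2381/tcp 2382/tcp 2383/tcp 2384/tcp 2385/tcp
```

Redirect the output to service.xml and load it with the firewall-offline-cmd command from the first answer; the port list then lives in one file that can be reviewed and kept under version control.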