How to add or remove a service in FirewallD? 1. Add a service: First use firewall-cmd --get-services to view available services, temporarily add --add-service=service name, and permanently add --permanent parameter; 2. Remove service: Use --remove-service=service name to temporarily remove, add --permanent permanently remove, and after modification, all need to perform --reload reload configuration; 3. Custom service: Use --new-service to create a service and edit XML file to define the port, and then add it according to the standard service. Pay attention to distinguish between temporary and permanent settings during operation, and reload the firewall in time.
FirewallD is a very commonly used dynamic firewall management tool when using Linux systems. If you need to add or remove access to a service, it can be achieved through its predefined service configuration instead of directly manipulating port rules, which is more intuitive and easier to maintain.
1. Add a service to FirewallD
To get a service to pass through a firewall, for example, if you want to open HTTP or SSH, you can use the following method:
-
View available services :
First, confirm whether the service you want to add has been supported by FirewallD:firewall-cmd --get-services
This lists all predefined service names, such as
http,https,ssh,ftp, etc. Temporarily add services (invalid after restart) :
sudo firewall-cmd --add-service=http
Permanently add services (it will still take effect after restart) :
sudo firewall-cmd --permanent --add-service=http
Remember to reload the firewall configuration after adding:
sudo firewall-cmd --reload
Note: Adding services is automatically released according to the protocol and port. You do not need to manually enter the port number, as long as it is defined in the service configuration file.
2. Remove the service in FirewallD
If a service no longer needs to be exposed, for example, if you turn off the FTP service, you can remove it from the firewall:
Temporary removal of services :
sudo firewall-cmd --remove-service=ftp
Permanent removal of services :
sudo firewall-cmd --permanent --remove-service=ftp
Don't forget to overload it too:
sudo firewall-cmd --reload
If you are not sure which services are enabled in the current area, you can use this command to view:
firewall-cmd --list-services
3. Customize the operation of the service (optional)
Sometimes the services you use are not in the default list. For example, if you are running Redis on a non-standard port (such as 6380), you can create a custom service:
Create a new service configuration file:
sudo firewall-cmd --permanent --new-service=redis
Edit the configuration file of the service (usually located in
/etc/firewalld/services/redis.xml) and add the following content:<service> <port protocol="tcp" port="6380"/> </service>
Then you can add it like other services:
sudo firewall-cmd --permanent --add-service=redis sudo firewall-cmd --reload
Basically that's it. Adding and removing services is not complicated, but you should pay attention to distinguishing between temporary and permanent settings, and remember to reload every time you modify it.
The above is the detailed content of How to add or remove a service in FirewallD?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
CentOS server has no network connection, how to fix it?
Jun 19, 2025 am 12:13 AM
When the CentOS server cannot be connected to the network, you can follow the following steps to check: 1. Check the status of the network interface, use iplinkshow to confirm whether the interface is enabled, if not enabled, use sudoiplinksetup to start, and use ipaddrshow to check the IP allocation status; 2. If it is in DHCP mode, run sudodhclient to obtain the IP. If it is static configuration, check the IP, gateway and DNS settings in /etc/sysconfig/network-scripts/ifcfg- and restart the network service; 3. Check the routing table iprouteshow to ensure that there is a default gateway. If there is no, add it temporarily or modify GATEWAY in the configuration file.
How to enable the EPEL (Extra Packages for Enterprise Linux) repository?
Jun 17, 2025 am 09:15 AM
The key to enabling EPEL repository is to select the correct installation method according to the system version. First, confirm the system type and version, and use the command cat/etc/os-release to obtain information; second, enable EPEL through dnfinstallepel-release on CentOS/RockyLinux, and the 8 and 9 version commands are the same; third, you need to manually download the corresponding version of the .repo file and install it on RHEL; fourth, you can re-import the GPG key when encountering problems. Note that the old version may not be supported, and you can also consider enabling epel-next to obtain the test package. After completing the above steps, use dnfrepolist to verify that the EPEL repository is successfully added.
How to mount a new disk permanently in /etc/fstab?
Jun 20, 2025 am 12:02 AM
The steps to mount a new hard disk and realize automatic mount on the computer are as follows: 1. Use lsblk, fdisk-l or blkid to confirm the device path and UUID of the new hard disk. It is recommended to use UUID to ensure stability; 2. Create a mount point directory, such as /mnt/data, and set appropriate permissions; 3. Edit the /etc/fstab file, add a line of configuration, the format is UUID=hard disk UUID mount point file system type defaults02, note that the sixth column of the XFS file system is 0; 4. Use sudomount-a and df-h to confirm that it is correct to avoid errors after restart; 5. If there is a problem, check the file system type, mount point exists or enter reco based on the error message.
How to change the SELinux context of a file or directory?
Jun 18, 2025 am 12:07 AM
SELinux context errors will cause the service to fail to access the file. The solution is as follows: 1. Use chcon to temporarily modify, such as chcon-thttpd_sys_content_t/var/www/html/index.html, but it is invalid after restart; 2. Use semanagefcontext to set permanent rules, such as semanagefcontext-a-thttpd_sys_content_t"/opt/myapp(/.*)?", and then run the restorecon application rules; 3. View the file context through ls-Z and analyze the process context in combination with ps-eZ; 4.
How to update all packages on a CentOS system?
Jun 25, 2025 am 12:01 AM
To update all software packages on the CentOS system, you can use yum (CentOS7) or dnf (CentOS8 and above). The specific steps are as follows: 1. Check for available updates and use "sudoyumcheck-update" or "sudodnfcheck-update" to list the packages to be updated; 2. Execute the system-wide update, and use "sudoyumupdate-y" or "sudodnfupgrade--allowerasing" commands to upgrade, where the -y parameter is automatically confirmed, and --allowerasing allows the deletion of conflicting packages; 3. If the update involves a new kernel, the system needs to be restarted to take effect, and "unam can be used to use "
How to change DNS servers in /etc/resolv.conf?
Jun 26, 2025 am 12:09 AM
The key to modifying the DNS configuration of /etc/resolv.conf is to master the steps and precautions. The file needs to be changed because the system uses its specified DNS by default for domain name resolution. When changing more stable or privacy-protected DNS (such as 8.8.8.8, 1.1.1), it needs to be edited manually; nano or vim can be used to open the file and modify the nameserver entry; after saving and exiting, some systems need to restart the network service to take effect; however, it should be noted that if the system uses systemd-resolved or DHCP to automatically obtain the configuration, the direct modification may be overwritten. The corresponding configuration should be adjusted before locking the file or restarting the service; in addition, up to two or three DNS addresses can be added, the order affects
How to update the kernel on CentOS?
Jul 02, 2025 am 12:30 AM
The key to updating the CentOS kernel is to use the ELRepo repository and set up the startup items correctly. 1. First run uname-r to view the current kernel version; 2. Install the ELRepo repository and import the key; 3. Use yum to install kernel-lt (long-term support version) or kernel-ml (main version); 4. After the installation is completed, check the available kernels through the awk command and use grub2-set-default to set the default startup item; 5. Generate a new GRUB configuration file grub2-mkconfig-o/boot/grub2/grub.cfg; 6. Finally restart the system and run uname-r again to confirm whether the kernel version is effective. The whole process requires
How to configure a static IP address on CentOS 7 using ifcfg files?
Jul 02, 2025 am 12:22 AM
To configure the CentOS7 static IP address, you need to edit the ifcfg file of the corresponding network card. 1. First confirm the network card name such as ens33 through iplinkshow or ls/sys/class/net; 2. Edit the /etc/sysconfig/network-scripts/ifcfg-ens33 file to set BOOTPROTO=static and fill in IPADDR, NETMASK, GATEWAY and other parameters; 3. After saving, restart the network service to make the configuration take effect; 4. Use the ipaddrshow and ping commands to verify whether the configuration is successful. Be careful to avoid IP conflicts and restart the network service after modification. If you use NetworkM
