Do you want to open ports HTTP and HTTPS in
firewalld? In this tutorial, I will explain how to open ports 80 & 443 in firewalld in CentOS Stream release 8. HTTP and HTTPS protocols are generally used by web servers such as Apache or Nginx. But these ports 80 & 443 are not opened by default in the firewall and if you want to, here’s how it’s done.
How to open ports HTTP & HTTPS in firewalld?
Step 1: Check the status of the firewall.
# systemctl status firewalld
# firewall-cmd --state running
If the service is not running, then you need to start it as shown below.
# systemctl start firewalld
Step 2: List the active zones.
In firewalld, zones are a group of rules deciding what traffic should be allowed depending on the level of trust in the network.
# firewall-cmd --get-active-zones public interfaces: ens3
The above output says that I currently have one public zone which is assigned to the interface
ens3. You can also list zones and services opened in those zones.
# firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: ens3 sources: services: cockpit dhcpv6-client ssh ports: protocols: forward: no masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
Look out for the services attribute highlighted in the above output. Currently, DHCP, ssh and cockpit are opened.
Step 3: Open ports 80 and 443.
The below commands will add services HTTP & HTTPS to the public zone. But note, the ports are opened temporarily.
# firewall-cmd --zone=public --add-service=http success # firewall-cmd --zone=public --add-service=https success
In order to open the ports permanently and keep these changes persistent after reboot, you need to execute the below commands.
# firewall-cmd --zone=public --permanent --add-service=http success # firewall-cmd --zone=public --permanent --add-service=https success # firewall-cmd --reload success
Step 4: Check if the ports are opened and listed under the correct zone.
# firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: ens3 sources: services: cockpit dhcpv6-client http https ssh ports: protocols: forward: no masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
How to close the ports in firewalld?
In case, if you need to close ports 80 & 443 then execute the below commands.
# firewall-cmd --zone=public --permanent --remove-service=http # firewall-cmd --zone=public --permanent --remove-service=https # firewall-cmd --reload
To confirm if the services are removed from the zone, use the
firewall-cmd --list-all command.
Learn more about firewalld.