How to add or remove a service in FirewallD? 1. Add a service: First use firewall-cmd --get-services to view available services, temporarily add --add-service=service name, and permanently add --permanent parameter; 2. Remove service: Use --remove-service=service name to temporarily remove, add --permanent permanently remove, and after modification, all need to perform --reload reload configuration; 3. Custom service: Use --new-service to create a service and edit XML file to define the port, and then add it according to the standard service. Pay attention to distinguish between temporary and permanent settings during operation, and reload the firewall in time.
FirewallD is a very commonly used dynamic firewall management tool when using Linux systems. If you need to add or remove access to a service, it can be achieved through its predefined service configuration instead of directly manipulating port rules, which is more intuitive and easier to maintain.
1. Add a service to FirewallD
To get a service to pass through a firewall, for example, if you want to open HTTP or SSH, you can use the following method:
-
View available services :
First, confirm whether the service you want to add has been supported by FirewallD:firewall-cmd --get-services
This lists all predefined service names, such as
http,https,ssh,ftp, etc. Temporarily add services (invalid after restart) :
sudo firewall-cmd --add-service=http
Permanently add services (it will still take effect after restart) :
sudo firewall-cmd --permanent --add-service=http
Remember to reload the firewall configuration after adding:
sudo firewall-cmd --reload
Note: Adding services is automatically released according to the protocol and port. You do not need to manually enter the port number, as long as it is defined in the service configuration file.
2. Remove the service in FirewallD
If a service no longer needs to be exposed, for example, if you turn off the FTP service, you can remove it from the firewall:
Temporary removal of services :
sudo firewall-cmd --remove-service=ftp
Permanent removal of services :
sudo firewall-cmd --permanent --remove-service=ftp
Don't forget to overload it too:
sudo firewall-cmd --reload
If you are not sure which services are enabled in the current area, you can use this command to view:
firewall-cmd --list-services
3. Customize the operation of the service (optional)
Sometimes the services you use are not in the default list. For example, if you are running Redis on a non-standard port (such as 6380), you can create a custom service:
Create a new service configuration file:
sudo firewall-cmd --permanent --new-service=redis
Edit the configuration file of the service (usually located in
/etc/firewalld/services/redis.xml) and add the following content:<service> <port protocol="tcp" port="6380"/> </service>
Then you can add it like other services:
sudo firewall-cmd --permanent --add-service=redis sudo firewall-cmd --reload
Basically that's it. Adding and removing services is not complicated, but you should pay attention to distinguishing between temporary and permanent settings, and remember to reload every time you modify it.
The above is the detailed content of How to add or remove a service in FirewallD?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
How to add a user to a secondary group?
Jul 05, 2025 am 01:52 AM
In Linux system, using the usermod command to add users to the secondary group is: 1. Execute the sudousermod-a-G group name username command to add, where -a means append to avoid overwriting the original secondary group; 2. Use groups username or grep group name /etc/group to verify whether the operation is successful; 3. Note that the modification only takes effect after the user logs in again, and the main group modification should use the -g parameter; 4. You can also manually edit the /etc/group file to add users, but be careful to avoid system abnormalities caused by format errors.
How to migrate from CentOS 8 to AlmaLinux or Rocky Linux?
Jul 06, 2025 am 01:12 AM
To migrate from CentOS8 to AlmaLinux or RockyLinux, follow the clear steps. First, choose AlmaLinux (suitable for long-term enterprise support) or RockyLinux (emphasizing exactly the same as RHEL) according to your needs. Secondly, prepare the system environment: update the software package, back up key data, check third-party repositories and disk space. Then, the conversion is automatically completed using the official migration script. RockyLinux needs to clone the repository and run the switch-to-rocky.sh script. AlmaLinux replaces the repository and upgrades with one click through the remote deployment script. Finally, verify system information, clean up residual packets, and update GRUB and ini if ??necessary
How to install a local .rpm file with all dependencies?
Jul 08, 2025 am 12:51 AM
To correctly install the local RPM file and handle dependencies, you should first use dnf to install it directly, because it can automatically obtain the required dependencies from the configured repository; if the system does not support dnf, you can use yum's localinstall command instead; if the dependency cannot be resolved, you can manually download and install all related packages; finally, you can also forcefully ignore the dependency installation, but this method is not recommended. 1. Use sudodnfinstall./package-name.rpm to automatically resolve dependencies; 2. If there is no dnf, you can use sudoyumlocalinstall./package-name.rpm; 3. Force installation and execute sudorpm-ivh--nod
What is the minimal install of CentOS and what does it include?
Jul 07, 2025 am 12:35 AM
AminimalinstallofCentOSisalightweightsetupthatincludesonlyessentialcomponents,makingitidealforserversorsystemsrequiringfullcontrol.Itcontainscoreutilitieslikebash,yum/dnf,networkingtools,andsecuritypackages,whileexcludingdesktopenvironments,webserver
How to configure a static IP address on CentOS 8/9 using nmcli?
Jul 10, 2025 pm 12:19 PM
How to set a static IP address using nmcli on CentOS8 or 9? 1. First run the nmcliconnectionshow and ipa commands to view the current network interface and its configuration; 2. Use the nmcliconnectionmodify command to modify the connection configuration, specify parameters such as ipv4.methodmanual, ipv4.addresses (such as 192.168.1.100/24), ipv4.gateway (such as 192.168.1.1), and ipv4.dns (such as 8.8.8.8). 3. Run the nmcliconnectiondown and up commands to restart the connection to make the changes take effect, or
How to install and configure fail2ban on CentOS?
Jul 10, 2025 pm 12:21 PM
Installing and configuring fail2ban on CentOS is not complicated, it mainly includes the following steps: 1. Install fail2ban using yum; 2. Manually enable and start the service; 3. Create a jail.local file for custom configuration; 4. Set SSH defense rules, including enabling sshd, specifying the blocking time and retry times; 5. Configure firewalld as an action actuator; 6. Regularly check the blocking IP and logs. Fail2ban detects abnormal login behavior through monitoring logs and automatically blocks suspicious IPs. Its core mechanism relies on key parameters such as bantime (banned time), findtime (statistic window time) and maxretry (maximum failure number).
What are KernelCare and kpatch for live kernel patching?
Jul 12, 2025 am 01:07 AM
KernelCare and kpatch are both tools for implementing hot patches in the Linux kernel, but the applicable scenarios are different. 1. KernelCare is a commercial service that supports CentOS, RHEL, Ubuntu and Debian, automatically applies patches without restarting, and is suitable for hosting service providers and enterprise production environments; 2. kpatch is an open source tool developed by Red Hat. It is based on the ftrace framework and requires manual construction of patch modules. It is suitable for RHEL and compatible systems, and is suitable for organizations that need to finely control the patch process or use customized kernels. When choosing, automation requirements, system distribution, whether official support is required, and the degree of control over open source tools should be considered. Neither of them can fix all vulnerabilities, some still need to be restarted, and
How to add or remove a service in FirewallD?
Jul 13, 2025 am 01:32 AM
How to add or remove a service in FirewallD? 1. Add a service: First use firewall-cmd-get-services to view available services, temporarily add --add-service=service name, and permanently add --permanent parameter; 2. Remove service: Use --remove-service=service name to temporarily remove, add --permanent permanently remove, and after modification, all need to perform --reload reload configuration; 3. Custom service: Use --new-service to create a service and edit the XML file to define the port, and then add it according to the standard service. Pay attention to distinguish between temporary and permanent settings during operation, and reload the firewall in time.
