Opening Ports with firewall-cmd

Posted by Ryan Himmelwright on Mon, Nov 30, 2020
Tags fedora, linux, homelab, network
Emerald Outback, Beech Mountain, NC

I use a handful of containerized services on my workstation. Jellyfin and Minecraft servers are two examples. Many of these self-hosted applications require ports to be opened in order to work. However, I often forget this. While I am getting better about remembering to open the ports… sometimes I forget how. Not anymore.

The Problem

Firefox unable to connect to my hugo page

To reiterate: the problem is simple. The services need a port opened, but my firewall is blocking it. The solution is just as simple: rather than disabling the firewall, open the port.

Determine Zones

Before opening ports, let's first determine which firewalld zone to apply the change to. The following command will show all active zones, and which devices are in each one:

sudo firewall-cmd --get-active-zones

Additionally, I use the next command to help figure out what zone is my default.

sudo firewall-cmd --list-all

It is usually public. The --list-all command will also show which ports are already opened in the ports section, so use it to verify that they aren’t already opened.

Opening the Port

Connected to Hugo after opening the port

Let's open that port. Change the port value in the following command to whatever you need. I used 1313 here to open a port for Hugo. Remember to also set the zone to whatever was found in the previous step:

sudo firewall-cmd --zone=public --add-port=1313/tcp

To verify:

firewall-cmd --list-ports

Afterwards, try connecting to the service again. If it still does not work, it is possible that additional or different ports may need to be opened.

Make it Persistent

If everything does work, the change can be made persistent by running the same command again, but this time using the --permanent flag:

sudo firewall-cmd --zone=public --permanent --add-port=1313/tcp

Reload

When running the command with the --permanent flag from the start, the change is written to the permanent configuration and will not take effect in the running firewall until firewalld is reloaded. This command should apply the changes:

sudo firewall-cmd --reload
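
Because the runtime and permanent configurations are separate, it is easy to end up with a port open in one but not the other. The script below is an added example, not part of the original post: it compares the two port lists for a zone and reports the difference. The function names and the sample port lists are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: find drift between firewalld's runtime and permanent port lists.
# Inputs are space-separated lists as printed by `firewall-cmd --list-ports`.
# Entries are compared as literal strings, so a range such as 8000-8010/tcp
# only matches the identical range.

# Print each entry of list $1 that does not appear in list $2.
ports_only_in() (
    set -f                      # no filename globbing while word-splitting
    for p in $1; do
        found=0
        for q in $2; do
            if [ "$p" = "$q" ]; then found=1; break; fi
        done
        if [ "$found" -eq 0 ]; then printf '%s\n' "$p"; fi
    done
)

# $1 = runtime list, $2 = permanent list. Prints one line per finding.
report_drift() (
    for p in $(ports_only_in "$1" "$2"); do
        echo "runtime-only: $p (gone after a reload or reboot unless added with --permanent)"
    done
    for p in $(ports_only_in "$2" "$1"); do
        echo "permanent-only: $p (not active until firewall-cmd --reload)"
    done
)

# Query a live firewalld for one zone, e.g. `audit_zone public`.
audit_zone() {
    runtime=$(sudo firewall-cmd --zone="$1" --list-ports) || return 1
    permanent=$(sudo firewall-cmd --permanent --zone="$1" --list-ports) || return 1
    report_drift "$runtime" "$permanent"
}

# Constructed sample lists (not taken from a real host).
sample_runtime="1313/tcp 8096/tcp"
sample_permanent="8096/tcp 25565/tcp"
report_drift "$sample_runtime" "$sample_permanent"
```

On a machine running firewalld, call audit_zone with the zone found earlier. A runtime-only entry is also a reminder of a port that was opened for a test and can simply be left to disappear.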

Conclusion

That’s it. It’s a short post, but it’s one I will use. I am trying not to rage sudo systemctl stop firewalld anymore. This should help with that.
