How to open ports in CentOS 7 Firewall

Thanks to the article CentOS in computer networks for SMEs, written by Fico, I decided to install CentOS 7 on one of my test computers. The installation was quite simple, and I also followed the article What to do after installing CentOS 7? Fast guide to put it in tune. CentOS accompanied me in my university days, so using it again brings back certain memories and nostalgia.

The problem

With CentOS 7 installed, I ran into a problem: I could not open some ports in the firewall that are essential for some of my daily tasks. After digging here and there and reading the official documentation, I managed to reach the solution.

Opening ports in CentOS 7 Firewall

Use this command to find the active zone(s):

firewall-cmd --get-active-zones

The result will be public, dmz or some other zone. Apply the change only to the zones that need it.

In the case of dmz you can open the ports permanently with the following command:

firewall-cmd --zone=dmz --add-port=8080/tcp --permanent

Otherwise, replace dmz with your zone; for example, if your zone is public:

firewall-cmd --zone=public --add-port=8080/tcp --permanent

For the changes to take effect, we must reload the firewall with the following command:

firewall-cmd --reload

Temporarily open ports

The solution above leaves the chosen ports open permanently. If you want the ports to remain open only temporarily, perform the following steps:

In the case of dmz you can open the ports temporarily with the following command:

firewall-cmd --zone=dmz --add-port=8080/tcp 

Otherwise, replace dmz with your zone; for example, if your zone is public:

firewall-cmd --zone=public --add-port=8080/tcp 

For the changes to take effect, we must reload the firewall with the following command:

firewall-cmd --reload
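
The two procedures above, as an added example that is not part of the original article: a POSIX shell script that validates each port or port range (firewall-cmd also accepts FIRST-LAST/protocol, which goes beyond the single port shown here) and prints the command sequence for a permanent or a runtime rule. The function names are assumptions. firewalld applies a rule added without --permanent immediately and drops it on the next --reload, so the runtime plan contains no reload.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are assumptions.
# It only prints firewall-cmd lines for review; it never changes the firewall.

# Accept "PORT/proto" or "FIRST-LAST/proto": ports 1-65535, proto tcp or udp.
valid_port_spec() {
    case $1 in */*) ;; *) return 1 ;; esac
    proto=${1##*/}
    ports=${1%/*}
    case $proto in tcp|udp) ;; *) return 1 ;; esac
    first=${ports%%-*}   # text before the first "-" (whole string if none)
    last=${ports#*-}     # text after the first "-" (whole string if none)
    for n in "$first" "$last"; do
        # Reject empty, leading zero, non-digits, or more than five digits.
        case $n in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    done
    [ "$first" -le "$last" ] && [ "$last" -le 65535 ]
}

# plan_open_ports ZONE permanent|runtime SPEC...
# Validates everything first, so a bad argument produces no partial plan.
plan_open_ports() {
    zone=$1 mode=$2
    shift 2
    case $zone in ''|*[!A-Za-z0-9_-]*) echo "bad zone: $zone" >&2; return 1 ;; esac
    case $mode in
        permanent) flag=' --permanent' ;;
        runtime)   flag='' ;;
        *) echo "bad mode: $mode" >&2; return 1 ;;
    esac
    for spec in "$@"; do
        valid_port_spec "$spec" || { echo "rejected: $spec" >&2; return 1; }
    done
    for spec in "$@"; do
        echo "firewall-cmd --zone=$zone --add-port=$spec$flag"
    done
    # Only permanent rules need a reload; reloading discards runtime-only rules.
    if [ "$mode" = permanent ]; then echo "firewall-cmd --reload"; fi
    echo "firewall-cmd --zone=$zone --list-ports"   # confirm the result
}

# Constructed sample input: the article's zones and port, plus one range.
plan_open_ports dmz permanent 8080/tcp 8000-8010/tcp
plan_open_ports public runtime 8080/tcp
```

Review the printed lines, then run them as root on the host whose zone you named.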

Some readers may not know what DMZ zones are, so it is worth explaining:

What are DMZ zones?

Quoting from the tp-link documentation:

DMZ (demilitarized zone) is a conceptual network design where public access servers are placed on a separate, isolated segment of the network. The intention of DMZ is to ensure that public access servers cannot communicate with other segments of the internal network, in the event that a server is compromised.
 
A firewall is particularly relevant in DMZ implementation, as it is responsible for ensuring that proper policies to protect local DMZ networks are in place, while maintaining accessibility to the demilitarized zone (DMZ).
 

Due to the non-trivial nature of the DMZ implementation, using a DMZ is not recommended unless you are very familiar with the networks. A DMZ is rarely a requirement, but is generally recommended by security conscious network administrators.

In short, a DMZ only accepts pre-selected connections: a kind of public access in which connections are limited.

With these steps you can open the ports you need in the CentOS firewall. Remember that it is important to take the necessary precautionary measures so that unauthorized third parties do not access our computer through these ports. We hope you find it useful, and don't forget to leave us your impressions.



  1.   federico said

    Nice article, dear Luigys. If you look at it, I don't think I have posted anything about firewalls or iptables. The security issue is tricky, even though there are programs that help you a lot to implement it. I have only had that need on an Internet-facing server that has been in production for almost a year. In my company, we are below an ISP, and the firewall through iptables that I have configured, guarantees good security. My WAN is not the Internet. It is precisely a kind of private DMZ of my ISP, to which many other companies like mine connect. That type of network is used a lot around here.

    1.    Luigys toro said

      Federico, in general, I don't touch the subject of security much, because I don't have the adequate knowledge to give it beyond the main touches that I give to my servers and personal computers.

      I have heard of this type of popular network in Cuba, and I hope at some point to learn more about it. Undoubtedly, today there are various tools that make life easier, but individual knowledge should always take precedence over the convenience of the tool.

  2.   walter omar lopez said

    How do I open a range of ports and multiple ports with the firewall-cmd command? In iptables you can safely, and I can't find how to do it, thanks.