In this article, I am going to show you how to list open ports in Firewalld. I am going to use CentOS 7.4 for the demonstration, but the same commands should work on any Linux distribution with Firewalld installed. Let’s get started.
What is an Open Port?
First let’s discuss what an open port is. It is clearly a networking term.
You can install many server software packagess on a single computer such as HTTP server, DNS server, Database Server and so on. But it may have a limited number of network interfaces on it. Let’s say it has one physical network interface available and its configured to have an IP address 10.0.1.11 and you have HTTP and MySQL database server installed on it. So when you connect to 10.0.1.11 from another computer, how does your server computer know what service you want to use? The HTTP service or the MySQL database service.
Well to differentiate between the HTTP service and MySQL database service, the IP address also has another property called port. Port is a 16-bit integer, which means it can be a number from 0 to 65536. So your server computer runs different services or server softwares on different ports. For example, the HTTP server runs on port 80, the MySQL database server runs on port 3306 and so on.
To talk to specific service on your server computer, let’s say the HTTP server, the client computer has to pass the port 80 along with the IP address 10.0.1.11. So port 80 is an open port because a client computer can talk to it.
When you have firewall program configured, by default, it blocks all the port. So even when the service is running on a specific port on your server computer, a client computer won’t be able to connect to it.
So how do I know what ports are open and I can connect to on my server computer? Well, that’s the topic of this article.
Finding Open Ports with Firewalld:
First check whether firewalld service is running with the following command:
As you can see from the marked section of the screenshot below, the firewalld service is running. So we are good to go.
If your firewalld service is not running, you can start firewalld service with the following command:
Now you can use the firewall-cmd command configure and get information about Firewalld.
You can print the whole Firewalld configuration with the following command:
The open ports and services are listed in the services: and ports: line as marked in the screenshot below.
In the services: line, ssh and dhcpv6-client services are enabled. It means the ports corresponding to these services are also open.
You can find out what ports these services open with the following command:
NOTE: Here, SERVICE_NAME is the service you want to see the ports of.
For example, to see the ports the ssh service opened, run the following command:
As you can see from the marked section of the screenshot below, the ssh service opens the TCP port 22 and UDP port 22.
The command sudo firewall-cmd –list-all, shows you the whole Firewalld configuration.
If you just want to see what services are allowed to have open ports, run the following command:
The services allowed to have open ports are listed as you can see from the screenshot below.
If you want to see only the ports that are open, run the following command:
The open ports are listed as you can see from the screenshot below.
If you want to open other ports or services using Firewalld, then check out my other article How To Open Port 80 on CentOS7(https://sxi.io/open-port-80-centos7/)
That’s how you list open ports in Firewalld. Thanks for reading this article.