Page 90 - RHEL8 BOOK
Note: Do not run the command above on a production server. It drops all network traffic on the host, so a remote session is locked out along with everything else.
List all open ports, and add/allow or remove/deny ports, using firewalld (the commands are the same on RHEL 7 and RHEL 8). Ports can be added to or removed from the default zone or a specified zone. Changes made with --permanent are written to the zone file and only take effect after firewall-cmd --reload; changes made without --permanent apply to the running configuration immediately but are lost on the next reload or restart. To get a rule that is active now and survives a reboot, run the command with --permanent and then reload, or apply it at runtime and save it with firewall-cmd --runtime-to-permanent.
Step 13: List all ports and services in the default zone, and list the ports of a specified zone
[root@server ~]# firewall-cmd --list-all [lists everything active in the default zone: interfaces, services, ports, rich rules and so on]
[root@server ~]# firewall-cmd --zone=public --list-ports
Step 14: Add & Remove Ports in the firewall rules
[root@server ~]# firewall-cmd --permanent --add-port=22/tcp [no --zone given: applies to the default zone]
success
[root@server ~]# firewall-cmd --permanent --zone=public --add-port=22/tcp [same thing, zone named explicitly]
success
[root@server ~]# firewall-cmd --zone=public --list-ports [shows the runtime configuration: the permanent change above appears here only after firewall-cmd --reload]
[root@server ~]# firewall-cmd --permanent --remove-port=22/tcp
success
Removing 22/tcp here does not lock you out: the public zone still allows SSH through its ssh service entry, which is separate from the port list.
Adding and removing services in the firewall. A service is a named set of ports (and, for some services, protocols or helper modules) defined in /usr/lib/firewalld/services/<name>.xml; when you add or remove a service, firewalld opens or closes the ports listed in that definition. firewall-cmd --info-service=http shows which ports a service covers.
Step 15: List, Add & Remove Services in the firewall rules
[root@server ~]# firewall-cmd --list-services
[root@server ~]# firewall-cmd --list-services --zone=public
[root@server ~]# firewall-cmd --permanent --zone=public --add-service=http
[root@server ~]# firewall-cmd --permanent --add-service=https
[root@server ~]# firewall-cmd --list-services --zone=public [runtime view: the two permanent additions show up only after firewall-cmd --reload]
Step 16: Configuring ports / services in firewalld by editing the zone XML file
Permanent rules for the public zone are stored in /etc/firewalld/zones/public.xml. The file is created the first time a --permanent change is made to the zone; until then the packaged default in /usr/lib/firewalld/zones/public.xml applies. Services and ports can be added or removed by editing this file directly, followed by firewall-cmd --reload to activate the change.
[root@server ~]# cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>Public Zone Rules</description>
<service name="dhcpv6-client"/>
<service name="http"/>
<service name="ssh"/>
<service name="https"/>
<service name="mysql"/>
<port protocol="tcp" port="5666"/>
<port protocol="tcp" port="3306"/>
<port protocol="tcp" port="3260"/>
<port protocol="tcp" port="5667"/>
</zone>
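Listing what a zone allows (Steps 13 to 15) and reading the zone file (Step 16) are usually done by eye. The script below is an added example, not code from the book: it parses a zone XML file with the layout shown above and reports every service or port that is not on an explicit allowlist, which is a quick way to catch a database or monitoring port that should never have been opened in the public zone. The zone file it processes is a constructed copy of the public.xml above written to a temp file, and the allowlist for the demo (ssh, http, https, dhcpv6-client) is an assumption about what a web server should expose.

```shell
#!/bin/sh
# Added example, not from the book: audit a firewalld zone file against an allowlist.
# Assumes the XML layout shown on this page (one <service .../> or <port .../>
# per line); both attribute orders firewalld writes for <port> are handled.

# zone_entries FILE
# Prints one entry per line: "service:NAME" or "port:NUMBER/PROTOCOL".
zone_entries() {
    sed -n \
        -e 's/.*<service name="\([^"]*\)".*/service:\1/p' \
        -e 's/.*<port protocol="\([^"]*\)" port="\([^"]*\)".*/port:\2\/\1/p' \
        -e 's/.*<port port="\([^"]*\)" protocol="\([^"]*\)".*/port:\1\/\2/p' \
        "$1"
}

# zone_unexpected FILE "ALLOWED ENTRIES..."
# Prints every entry of FILE that is not in the space-separated allowlist.
zone_unexpected() {
    _allow=" $2 "
    zone_entries "$1" | while IFS= read -r _entry; do
        case "$_allow" in
            *" $_entry "*) ;;                 # on the allowlist: stay quiet
            *) printf '%s\n' "$_entry" ;;     # not on the allowlist: report it
        esac
    done
}

# write_sample_zone FILE
# Writes a constructed copy of the public.xml shown above (sample data, not a live system).
write_sample_zone() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>Public Zone Rules</description>
  <service name="dhcpv6-client"/>
  <service name="http"/>
  <service name="ssh"/>
  <service name="https"/>
  <service name="mysql"/>
  <port protocol="tcp" port="5666"/>
  <port protocol="tcp" port="3306"/>
  <port protocol="tcp" port="3260"/>
  <port protocol="tcp" port="5667"/>
</zone>
EOF
}

# Demo (assumption: a web server in the public zone should expose only ssh,
# http, https and the dhcpv6-client default). Everything else is flagged:
# the mysql service, 3306/tcp, 3260/tcp and the 5666/5667 ports.
ZONE_FILE=$(mktemp)
write_sample_zone "$ZONE_FILE"
ALLOWED='service:ssh service:http service:https service:dhcpv6-client'
echo "Entries not on the allowlist in $ZONE_FILE:"
zone_unexpected "$ZONE_FILE" "$ALLOWED"
rm -f "$ZONE_FILE"
```

On a real host, point zone_unexpected at /etc/firewalld/zones/public.xml to audit the permanent configuration. Because that file only reflects --permanent changes, also compare firewall-cmd --zone=public --list-all with firewall-cmd --permanent --zone=public --list-all: any difference means a runtime rule that will vanish on reload, or a permanent rule that has not been activated yet.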
Step 17: Adding port forwarding
Connections from the 192.168.4.0/24 network to TCP port 2080 on this host are redirected to port 80 on the same host. The source restriction in the rich rule is deliberate: it limits who can reach the forwarded port, whereas a plain forward-port entry without a source applies to everyone the zone accepts traffic from. Forwarding to a different host (to-addr=...) additionally requires masquerading to be enabled in the zone.
[root@server ~]# firewall-cmd --permanent --add-rich-rule "rule family=ipv4 source address=192.168.4.0/24 forward-port port=2080 protocol=tcp to-port=80"
success
[root@server ~]# firewall-cmd --reload [needed because the rule was added with --permanent]
success
S. Pradhan
(MCA, MBA-IT, BCA, CCNA, MCSA 2012, RHCE, ETHICAL HACKING)
Email Id:-spradhan.iiht@gmail.com