How to open port for a specific IP address on CentOS 7

  • 02 February 2017
  • ADM

 

How to open port for a specific IP address on CentOS 7 - images/logos/centos.jpg

 

This article will describe how to open a port for a specific IP address on CentOS 7.

To open a port for any source IP a simple rule can be applied using firewall-cmd command line:

$ firewall-cmd --zone=public --add-port=80/tcp --permanent

To open a port for a specific IP address the add-rich-rule need to be used:

$ firewall-cmd --permanent --zone=public --add-rich-rule='
  rule family="ipv4"
  source address="10.10.99.10/32"
  port protocol="tcp" port="80" accept'

After any firewall rules change, a reload is needed:

$ firewall-cmd --reload

To test the new rule you can use telnet command from the source address.

Also if want to see or edit directly the configuration file you can do it directly by running the following command:

$ vi /etc/firewalld/zones/public.xml
here is an example of the configuration file.
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <rule family="ipv4">
    <source address="10.10.99.10"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="10.10.99.11"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
</zone>