Instructions for opening a port on CentOS 7/8

I have a CentOS 7 server on which the Apache web server is installed and listening on port 80. But after the installation completed, I could not reach port 80 through the server's domain or IP address. (This applies to CentOS 8 as well.)


The reason is that the firewall on CentOS 7/8 blocks port 80 by default. So our task is to open the port on the server to allow access to the web service.


Open a port on CentOS 7/8


Since the firewall on CentOS 7/8 is firewalld, which is managed with the firewall-cmd tool, open the port with the following commands as the root user.


- Check which firewall zones are active



# Check which firewall zones are active
firewall-cmd --get-active-zones

 




- Open the port (example: 80) in the active zone (here, the public zone)



firewall-cmd --zone=public --add-port=80/tcp --permanent

 



- Then, for the new rule to take effect, reload the firewall with the following command:



firewall-cmd --reload

 




To check whether the port was opened successfully, browse to the domain or IP address of the server and see whether the web server responds.


Open ports on CentOS 7/8 only for certain IPs


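With the method above, anyone can reach the port on your server. To increase security, you can allow only a single IP address or a certain range of IPs to connect. If port 80 was already opened for everyone with the earlier command, that opening has to be removed from the zone, otherwise the source restriction below has no effect.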



# Single quotes around the rule keep the inner double quotes intact in the shell
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="1.2.3.4/32" port protocol="tcp" port="80" accept'

 



Or directly edit the firewall's config file at: /etc/firewalld/zones/public.xml



<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <rule family="ipv4">
    <source address="1.2.3.4"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="1.2.3.5"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
</zone>

 



And remember to reload the firewall to apply the new rules:



firewall-cmd --reload
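
A rich rule only restricts access if the same port is not also opened for everyone in the zone. The following check is an added example, not part of the original article: it reads the output of `firewall-cmd --zone=public --list-all` and flags that overlap. The function names `audit_zone` and `sample_list_all` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Live use, as root:
#   firewall-cmd --zone=public --list-all | audit_zone

# audit_zone: read `firewall-cmd --list-all` output on stdin and report every
# port that a rich rule limits to one source while "ports:" opens it to all.
# Exit status is 1 if such a port is found, 0 otherwise.
audit_zone() {
    awk '
    NR == 1 { zone = $1 }                  # first line looks like: public (active)
    $1 == "ports:" { for (i = 2; i <= NF; i++) allports[$i] = 1 }
    /rule / && /source address=/ && /accept/ {
        port = ""; proto = ""; src = ""
        for (i = 1; i <= NF; i++) {
            v = $i; sub(/^[a-z]+=/, "", v); gsub(/"/, "", v)
            if ($i ~ /^port=/)     port = v
            if ($i ~ /^protocol=/) proto = v
            if ($i ~ /^address=/)  src = v
        }
        if (port != "") { n++; key[n] = port "/" proto; from[n] = src }
    }
    END {
        for (i = 1; i <= n; i++) if (key[i] in allports) {
            print key[i] " is open to everyone; the rule for " from[i] " restricts nothing"
            print "  fix: firewall-cmd --permanent --zone=" zone " --remove-port=" key[i]
            bad = 1
        }
        exit bad + 0
    }'
}

# Constructed sample of `firewall-cmd --zone=public --list-all` output:
# 80/tcp was opened for everyone first, then the rich rule was added.
sample_list_all() {
    cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 80/tcp
  rich rules:
    rule family="ipv4" source address="1.2.3.4/32" port port="80" protocol="tcp" accept
EOF
}

sample_list_all | audit_zone || true
```

After applying the suggested fix, reload the firewall and run the check again; it should print nothing and exit with status 0.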

 



To open the port for Windows Server, please refer to this article: Instructions to open the port (open port) on Windows Server