firewall-cmd doesn't show open ports on CentOS7

hacback17 · 12-01-2020, 08:47 PM

Hi pals

When running

Code:

sudo firewall-cmd --list-ports

, it doesn't show up any ports even though there are several ports open, for example SSH.

Code:

[osboxes@osboxes ~]$
[osboxes@osboxes ~]$ sudo firewall-cmd --state
running
[osboxes@osboxes ~]$ sudo firewall-cmd --list-services
cockpit dhcpv6-client ssh
[osboxes@osboxes ~]$ sudo firewall-cmd --list-ports

[osboxes@osboxes ~]$
[osboxes@osboxes ~]$ grep ssh /etc/services | head -n1
ssh             22/tcp                          # The Secure Shell (SSH) Protocol
[osboxes@osboxes ~]$

You can see the screenshot here for a better view: https://ibb.co/9ZMyGcK

So my question and confusion is that if a service, for example SSH is running, why it doesn't show the port when executing this

Code:

sudo firewall-cmd --list-ports

. Is it normal? I am new to firewalls.

Thanks in advance!

michaelk · 12-01-2020, 10:02 PM

Yes it is normal.

The list-services option does not convert ports numbers to names. It is a predefined list of services that have been installed on the system. Although the port numbers are assumed to be per the /etc/services file.

If for example you were to run ssh on another port like 2222 you would use --add-port=2222/tcp option and then that port will be shown with -list-ports.

It is possible to manually add a service to the list

If you are running the desktop there will be the gui firewall utility that shows the predefined listed and a checkbox to open it. In addition there will be an option to add a port. That is the same as the command line list-port.

hacback17 · 12-01-2020, 10:50 PM

Very well explained, Michaelk!

Thanks for the help!