mirror of
https://pagure.io/fedora-docs/quick-docs.git
synced 2024-11-24 21:35:17 +00:00
43 lines
1.5 KiB
Text
// Module included in the following assemblies:
//
// firewalld.adoc

// Base the file name and the ID on the module title. For example:
// * file name: doing-procedure-a.adoc
// * ID: [id='doing-procedure-a']
// * Title: = Doing procedure A

// The ID is used as an anchor for linking to the module. Avoid changing it after the module has been published to ensure existing links are not broken.
[id=closing-ports-firewalld-fedora]
// The `context` attribute enables module reuse. Every module's ID includes {context}, which ensures that the module has a unique ID even if it is reused multiple times in a guide.
= Closing a port

When an open port is no longer needed, close that port in firewalld. It is highly recommended to close all unnecessary ports as soon as they are no longer used, because leaving a port open represents a security risk.

.Closing a port using the command line

To close a port, remove it from the list of allowed ports:

. List all allowed ports:
+
----
$ firewall-cmd --list-ports
----
+
[WARNING]
====
This command lists only ports that have been opened as ports. It does not show any ports that have been opened as a service. Therefore, you should consider using the `--list-all` option instead of `--list-ports`.
====
+
. Remove the port from the allowed ports to close it for incoming traffic:
+
----
$ sudo firewall-cmd --remove-port=port-number/port-type
----
+
. Make the new settings persistent:
+
----
$ sudo firewall-cmd --runtime-to-permanent
----
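
The three steps above as one script that also checks that the port is gone from both the runtime and the permanent configuration. This is an added example, not part of the Fedora documentation; `FWCMD`, `SAMPLE_LIST_ALL`, `exposure_from_list_all` and `close_port` are names assumed here.

```sh
#!/bin/sh
# Added example (not from the Fedora docs). Run as root.
# FWCMD is an assumption of this example: it lets a stub replace firewall-cmd.
FWCMD="${FWCMD:-firewall-cmd}"

# Constructed sample of `firewall-cmd --list-all` output, for offline use.
SAMPLE_LIST_ALL='public (active)
  services: dhcpv6-client ssh
  ports: 8080/tcp
  forward-ports: 
  source-ports: '

# Read `--list-all` text on stdin and print one line per exposure:
# "port <number/proto>" or "service <name>". Matching the whole first
# field skips the forward-ports: and source-ports: lines.
exposure_from_list_all() {
    awk '
        $1 == "services:" { for (i = 2; i <= NF; i++) print "service", $i }
        $1 == "ports:"    { for (i = 2; i <= NF; i++) print "port", $i }
    '
}

# Close port $1 (for example 8080/tcp), persist the change, then verify.
# Returns 0 closed in runtime and permanent config, 1 command or check failed,
# 2 malformed argument, 3 port was not in the allowed ports list.
close_port() {
    if ! printf '%s\n' "$1" |
            grep -Eq '^[0-9]+(-[0-9]+)?/(tcp|udp|sctp|dccp)$'; then
        echo "invalid port spec: $1" >&2
        return 2
    fi
    if ! "$FWCMD" --query-port="$1" >/dev/null; then
        echo "$1 is not an allowed port; it may be open via a service" >&2
        return 3
    fi
    "$FWCMD" --remove-port="$1" >/dev/null || return 1
    "$FWCMD" --runtime-to-permanent >/dev/null || return 1
    # Both views must now report the port as closed.
    if "$FWCMD" --query-port="$1" >/dev/null ||
            "$FWCMD" --permanent --query-port="$1" >/dev/null; then
        echo "$1 is still present after removal" >&2
        return 1
    fi
    return 0
}

if [ "$#" -eq 1 ]; then close_port "$1"; fi
```

`--runtime-to-permanent` saves the whole runtime configuration, so review `firewall-cmd --list-all` for other temporary changes before running it.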