The port is open, but this is not visible in firewalld. Is this fine?
On CentOS 7, sshd is running, port 22 is open and I can connect remotely via ssh. However, the command firewall-cmd --list-ports does not output anything in response. But the command firewall-cmd --list-services outputs: ssh dhcpv6-client
This is not CentOS-specific behavior, but simply inherent to firewalld. And why, if the port is open, is this not visible? Is this fine? Is this a bug or a feature?
This is a feature.
The idea is that the administrator opens access to a service, but if the service is not described in the configuration, you can open access to the port. Not all maintainers bothered to include firewalld configuration in their packages.
Look, from one of my virtual machines:
[[email protected] ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno16780032
  sources:
  services: bacula dhcpv6-client http https ssh
  ports: 10050/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
Several services were opened and, separately, one more port: well, there was no description for the zabbix-agent service on my system. Of course, the proper way would be to create an XML file describing the service and drop it into firewalld, but maybe some other time, yeah.
Most likely a feature. If the port is listed in /etc/services, it goes into the list of services.
Firewalld works with iptables and doesn't really care what program has opened what. To view open connections, use netstat. And by the way, /etc/services has nothing to do with it at all; it is used as a reference, mapping port numbers to their common names.
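The service-versus-port split described in the answers, as an added example that is not part of the original thread: it expands each service in a zone to the ports its definition opens, so an audit sees 22/tcp even though the "ports:" line is empty. The XML strings are constructed, abbreviated stand-ins for firewalld's service files (normally under /usr/lib/firewalld/services/ or /etc/firewalld/services/), the zabbix-agent definition is hypothetical, and the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed service definitions in firewalld's service XML format.
SERVICE_XML = {
    "ssh": '<service><short>SSH</short><port protocol="tcp" port="22"/></service>',
    "dhcpv6-client": '<service><short>DHCPv6 Client</short>'
                     '<port protocol="udp" port="546"/></service>',
    # Hypothetical definition of the kind the first answer says it never wrote.
    "zabbix-agent": '<service><short>Zabbix Agent</short>'
                    '<port protocol="tcp" port="10050"/></service>',
}

# Constructed `firewall-cmd --list-all` output matching the question's state.
LIST_ALL = """\
public (active)
  target: default
  services: ssh dhcpv6-client
  ports:
"""

def parse_zone(text):
    """Return (services, ports) from `firewall-cmd --list-all` text."""
    fields = {}
    for line in text.splitlines()[1:]:      # skip the "zone (active)" header
        key, _, value = line.strip().partition(":")
        fields[key] = value.split()
    return fields.get("services", []), fields.get("ports", [])

def service_ports(name):
    """Ports a service definition opens, as 'port/proto' strings."""
    root = ET.fromstring(SERVICE_XML[name])
    return [f"{p.get('port')}/{p.get('protocol')}" for p in root.findall("port")]

def effective_ports(text):
    """Map each open port to its origin: the 'ports' list or a service name."""
    services, ports = parse_zone(text)
    opened = {p: "ports" for p in ports}
    for svc in services:
        for p in service_ports(svc):
            opened.setdefault(p, f"service:{svc}")
    return opened

if __name__ == "__main__":
    for port, origin in sorted(effective_ports(LIST_ALL).items()):
        print(f"{port:<10} opened via {origin}")
```

On a live host, the text passed to effective_ports() would come from firewall-cmd --list-all and the definitions from the service XML files on disk.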