The port is open, but this is not visible in firewalld. This is fine?

A

Asparagales2019-01-12 11:25:47

linux

Asparagales, 2019-01-12 11:25:47

On CentOS 7, sshd is running, port 22 is open and I can connect remotely via ssh. However, the command firewall-cmd --list-portsdoes not output anything in response. But the command firewall-cmd --list-servicesoutputs: ssh dhcpv6-client
This is not centos-specific behavior, but simply inherent to firewalld. And why if the port is open, then this is not visible? This is fine? Is this a bug or a feature?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

D

Dmitry, 2019-01-12
@Asparagales

This is a feature.
It is considered that the administrator opens access to the service, but if the service is not described in the configuration, you can open access to the port. The maintainers of not all services bothered to have firewalld configuration in their packages.
Look, from one of my virtual machines
[[email protected] ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eno16780032
sources:
services: bacula dhcpv6-client http https ssh
ports: 10050/tcp
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
Several services were opened and separately one more port - well, there was no description for the zabbix-agent service in my system. Of course, according to the correct one, it would be necessary to make xml with a description of the service and throw it into firewalld , but maybe some other time, yeah.

A

Alexander, 2019-01-12
@alexr64

Most likely a feature. If the /etc/servicesport is checked - it goes to the list of services.

A

Alexey Cheremisin, 2019-01-12
@leahch

Firewalld works with iptables and doesn't really care what program has opened what. To view open connections, use netstat. And by the way, /etc/services has nothing to do with it at all, it is used as a reference, comparing port numbers with their common name.