Manage Linux Firewall with firewalld and firewall-cmd: In this article we will discuss about How to Manage Linux Firewall and How to Enable required Ports in Linux. Here we are using Operating System (Red Hat Enterprise Linux release 9.6) for the same.
How to Manage Linux Firewall using Firewalld command:
Firewall status:
You can check the firewall status on Linux server using firewalld command.
[root@oem13c ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled)
Active: active (running) since Fri 2025-07-04 09:37:03 IST; 2h 47min ago
Docs: man:firewalld(1)
Main PID: 2507750 (firewalld)
Tasks: 2 (limit: 99232)
Memory: 32.3M
CGroup: /system.slice/firewalld.service
└─2507750 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid
Jul 04 09:37:02 oem13c.orakldba.com systemd[1]: Starting firewalld - dynamic firewall daemon...
Jul 04 09:37:03 oem13c.orakldba.com systemd[1]: Started firewalld - dynamic firewall daemon.
[root@oem13c ~]#Disable Firewall:
To disable the firewall immediately and stop the firewall automatically from the next server reboot use follow below firewalld commands.
[root@oem13c ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled)
Active: active (running) since Fri 2025-07-04 14:14:25 IST; 17s ago
Docs: man:firewalld(1)
Main PID: 2668733 (firewalld)
Tasks: 2 (limit: 99232)
Memory: 34.1M
CGroup: /system.slice/firewalld.service
└─2668733 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid
Jul 04 14:14:23 oem13c.orakldba.com systemd[1]: Starting firewalld - dynamic firewall daemon...
Jul 04 14:14:25 oem13c.orakldba.com systemd[1]: Started firewalld - dynamic firewall daemon.
[root@oem13c ~]#
[root@oem13c ~]# systemctl stop firewalld
[root@oem13c ~]#
[root@oem13c ~]# systemctl disable firewalld
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".
[root@oem13c ~]#
[root@oem13c ~]# systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
Jul 04 09:37:02 oem13c.orakldba.com systemd[1]: Starting firewalld - dynamic firewall daemon...
Jul 04 09:37:03 oem13c.orakldba.com systemd[1]: Started firewalld - dynamic firewall daemon.
Jul 04 12:33:28 oem13c.orakldba.com systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jul 04 12:33:28 oem13c.orakldba.com systemd[1]: firewalld.service: Deactivated successfully.
Jul 04 12:33:28 oem13c.orakldba.com systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@oem13c ~]#Enable Firewall:
To enable the firewall immediately and start the firewall automatically from the next server reboot use follow below firewalld commands.
[root@oem13c ~]# systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
Jul 04 09:37:02 oem13c.orakldba.com systemd[1]: Starting firewalld - dynamic firewall daemon...
Jul 04 09:37:03 oem13c.orakldba.com systemd[1]: Started firewalld - dynamic firewall daemon.
Jul 04 12:33:28 oem13c.orakldba.com systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jul 04 12:33:28 oem13c.orakldba.com systemd[1]: firewalld.service: Deactivated successfully.
Jul 04 12:33:28 oem13c.orakldba.com systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@oem13c ~]#
[root@oem13c ~]#
[root@oem13c ~]# systemctl start firewalld
[root@oem13c ~]#
[root@oem13c ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; preset: enabled)
Active: active (running) since Fri 2025-07-04 14:14:25 IST; 6s ago
Docs: man:firewalld(1)
Main PID: 2668733 (firewalld)
Tasks: 2 (limit: 99232)
Memory: 34.1M
CGroup: /system.slice/firewalld.service
└─2668733 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid
Jul 04 14:14:23 oem13c.orakldba.com systemd[1]: Starting firewalld - dynamic firewall daemon...
Jul 04 14:14:25 oem13c.orakldba.com systemd[1]: Started firewalld - dynamic firewall daemon.
[root@oem13c ~]#
[root@oem13c ~]#
[root@oem13c ~]# systemctl enable firewalld
Created symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service → /usr/lib/systemd/system/firewalld.service.
Created symlink /etc/systemd/system/multi-user.target.wants/firewalld.service → /usr/lib/systemd/system/firewalld.service.
[root@oem13c ~]#
[root@oem13c ~]#
[root@oem13c ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled)
Active: active (running) since Fri 2025-07-04 14:14:25 IST; 17s ago
Docs: man:firewalld(1)
Main PID: 2668733 (firewalld)
Tasks: 2 (limit: 99232)
Memory: 34.1M
CGroup: /system.slice/firewalld.service
└─2668733 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid
Jul 04 14:14:23 oem13c.orakldba.com systemd[1]: Starting firewalld - dynamic firewall daemon...
Jul 04 14:14:25 oem13c.orakldba.com systemd[1]: Started firewalld - dynamic firewall daemon.
[root@oem13c ~]#How to Manage or Enable Ports in Linux using firewall-cmd command:
To check all enabled ports on Linux:
[root@oem13c ~]# firewall-cmd --permanent --list-ports
1251/tcp 1523/tcp 12511/tcp
[root@oem13c ~]#Use below firewall-cmd command to enable a Port:
[root@oem13c ~]# firewall-cmd --permanent --list-ports
[root@oem13c ~]#
[root@oem13c ~]#
[root@oem13c ~]# firewall-cmd --permanent --add-port=1521/tcp
success
[root@oem13c ~]#
[root@oem13c ~]#
[root@oem13c ~]# firewall-cmd --permanent --list-ports
1521/tcp
[root@oem13c ~]#Use below firewall-cmd command to disable a Port:
[root@oem13c ~]# firewall-cmd --permanent --list-ports
1521/tcp
[root@oem13c ~]#
[root@oem13c ~]#
[root@oem13c ~]# firewall-cmd --permanent --remove-port=1521/tcp
success
[root@oem13c ~]#
[root@oem13c ~]#
[root@oem13c ~]# firewall-cmd --permanent --list-ports
[root@oem13c ~]#I hope my written content will helped you. Your suggestions/feedback are most welcome from orakldba.com. Keep learning… Have a great day!!!
Please comment here for your any query related to above content. You can write to mail me through my Email.Email :- orakldba@gmail.com
LinkedIn :- https://linkedin.com/in/prasantakirtaniya
Twitter :- https://twitter.com/prasantadba
Facebook Page :- https://www.facebook.com/orakldba
Website :- https://orakldba.com
ACE Profile :- https://ace.oracle.com/apex/ace/profile/prasantakirtaniya
Oracle Community :- https://community.oracle.com/customerconnect/profile/discussions/prasantakirtaniya
How can I enable the firewall on an Oracle RAC database server?