CentOS 7 firewalld won't close a port

jeffw_00 asked:

I opened a port for ftp but I want to close it. I tried

firewall-cmd --zone=public --remove-port=21/tcp --permanent

firewall-cmd --runtime-to-permanent

firewall-cmd --reload

For the first command, I also tried
firewall-cmd --zone=public --service=ftp --remove-port=21/tcp --permanent

But I still get

  # firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0
  services: ssh dhcpv6-client ftp
  ports: 21/tcp
  masquerade: no
  rich rules:

What am I doing wrong?


My answer:

In your first firewalld command, you change the permanent configuration and not the running configuration.

In your second command, you then undo your change by overwriting the permanent configuration with the running configuration.

Because of this, at no time did the allowed port ever get removed from the running configuration.

You may solve this by removing the port from the running configuration, by not using --permanent, and then making it permanent with --runtime-to-permanent as you had done.
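The runtime-first sequence described in this answer, as an added example that is not part of the original question or answer. The function names config_drift and close_port and the --apply argument are hypothetical; the zone and port are the ones from the question.

```shell
#!/bin/sh
# Added example: close a port in firewalld's running config, then persist it.
# config_drift, close_port and --apply are names made up for this example.

# Print entries present in only one of two space-separated lists.
# $1 = runtime list, $2 = permanent list. Empty output means they agree.
config_drift() {
    cd_runtime=$(echo $1)      # unquoted on purpose: flatten whitespace
    cd_permanent=$(echo $2)
    for cd_item in $cd_runtime; do
        case " $cd_permanent " in
            *" $cd_item "*) ;;
            *) echo "runtime-only: $cd_item" ;;
        esac
    done
    for cd_item in $cd_permanent; do
        case " $cd_runtime " in
            *" $cd_item "*) ;;
            *) echo "permanent-only: $cd_item" ;;
        esac
    done
}

# $1 = zone, $2 = port/protocol
close_port() {
    # No --permanent here: this changes the running configuration.
    firewall-cmd --zone="$1" --remove-port="$2" || return 1
    # Copy the (now corrected) running configuration over the permanent one.
    firewall-cmd --runtime-to-permanent || return 1
    # Confirm both configurations list the same ports afterwards.
    config_drift "$(firewall-cmd --zone="$1" --list-ports)" \
                 "$(firewall-cmd --permanent --zone="$1" --list-ports)"
}

# State after the question's first command (--remove-port ... --permanent):
#   config_drift "21/tcp" ""        -> runtime-only: 21/tcp
# State after --runtime-to-permanent overwrote it:
#   config_drift "21/tcp" "21/tcp"  -> no drift, but the port is still open

# Only touches the firewall when asked to and when firewalld is installed.
if [ "${1:-}" = "--apply" ] && command -v firewall-cmd >/dev/null 2>&1; then
    close_port public 21/tcp
fi
```

The listing in the question also shows ftp under services, which is a separate entry from the 21/tcp port entry; a service is removed with --remove-service, which this example does not do.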

