I opened a port for ftp but I want to close it. I tried
firewall-cmd --zone=public --remove-port=21/tcp --permanent
firewall-cmd --runtime-to-permanent
firewall-cmd --reload
For the first command, I also tried
firewall-cmd --zone=public --service=ftp --remove-port=21/tcp --permanent
But I still get
# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0
  sources:
  services: ssh dhcpv6-client ftp
  ports: 21/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
What am I doing wrong?
In your first firewalld command, you change the permanent configuration and not the running configuration.
In your second command, you then undo your change by overwriting the permanent configuration with the running configuration.
Because of this, at no time did the allowed port ever get removed from the running configuration.
You may solve this by removing the port from the running configuration, by not using --permanent, and then making it permanent with --runtime-to-permanent as you had done.
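The runtime-first sequence from the answer above, as an added shell example that is not part of the original question or answer. The function name `fw_close` is hypothetical; it only calls `firewall-cmd` options that firewalld provides. It also accepts a service name, because the `services:` line in the output above still lists `ftp`, and firewalld's stock `ftp` service definition opens 21/tcp by itself.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumes firewalld's firewall-cmd
# is on PATH and the caller has the privileges to change the firewall.

# fw_close KIND VALUE [ZONE]      (fw_close is a hypothetical helper name)
#   KIND  "port" (e.g. 21/tcp) or "service" (e.g. ftp)
# Removes the entry from the running configuration, checks that it is gone,
# saves the running configuration as permanent, and checks that as well.
fw_close() {
    local kind="$1" value="$2" zone="${3:-public}"

    case "$kind" in
        port|service) ;;
        *) echo "usage: fw_close port|service VALUE [ZONE]" >&2; return 2 ;;
    esac

    # 1. Runtime change: no --permanent here, so the live ruleset is edited.
    if firewall-cmd --zone="$zone" "--query-$kind=$value" >/dev/null; then
        firewall-cmd --zone="$zone" "--remove-$kind=$value" >/dev/null || return 1
    fi

    # 2. Verify the live ruleset before persisting anything.
    if firewall-cmd --zone="$zone" "--query-$kind=$value" >/dev/null; then
        echo "$kind $value is still allowed at runtime in zone $zone" >&2
        return 1
    fi

    # 3. Persist. This saves the whole running configuration, including any
    #    other runtime-only changes made since the last reload.
    firewall-cmd --runtime-to-permanent >/dev/null || return 1

    # 4. Verify the permanent configuration, which is what a reload or
    #    reboot will load.
    if firewall-cmd --permanent --zone="$zone" "--query-$kind=$value" >/dev/null; then
        echo "$kind $value is still allowed in the permanent config" >&2
        return 1
    fi
}

# Use for the situation above:
#   fw_close port 21/tcp && fw_close service ftp
```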
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.