Firewalld blocks incoming connections by default, protecting your VPS from unauthorised access. You need to open specific ports to allow legitimate traffic to reach your applications.
You will open ports in firewalld by enabling predefined services or specifying port numbers directly. This allows applications like web servers, databases and SSH connections to function whilst maintaining security.
Before you begin
- You need SSH access to your VPS with sudo privileges.
- Firewalld must be installed and running on your server.
Check for predefined services
Firewalld includes predefined service configurations for common applications. Using these services makes your firewall rules more readable and easier to manage than specifying port numbers directly.
- Connect to your server via SSH.
Log in using your credentials:ssh user@your-server-ipreplacing user with your username and your-server-ip with your server’s IP address. - List available services.
Runfirewall-cmd --get-servicesto display all predefined services. Look for entries matching your application, such as http and https for web servers, ssh for SSH connections, mysql and postgresql for database servers, or mongodb for MongoDB.
If you find a matching service, proceed to the next section. If not, you will open the port manually by specifying its number.
Open a service or port
You can enable access by adding either a predefined service or a specific port number. Services provide clearer configuration, whilst port numbers offer flexibility for custom applications.
- Add a service permanently.
If you found a matching service in the previous section, enable it withsudo firewall-cmd --permanent --add-service=SERVICEreplacing SERVICE with the service name, such as http or mysql. The--permanentflag ensures the rule persists after reboots. - Add a port manually.
If no predefined service exists, specify the port number and protocol:sudo firewall-cmd --permanent --add-port=3080/tcpreplacing 3080 with your port number and tcp with the protocol (tcp or udp). - Reload firewalld.
Apply your changes by runningsudo firewall-cmd --reload. This activates all permanent rules and resets any temporary runtime configurations.
Your firewall now allows traffic through the specified service or port. The next section confirms your configuration is active.
Verify open ports and services
After modifying firewall rules, you should confirm the correct services and ports are enabled. This prevents configuration errors that could block legitimate traffic or leave unwanted ports open.
- List active services.
Runsudo firewall-cmd --list-servicesto display all enabled services. Verify your service appears in the output. - List open ports.
Runsudo firewall-cmd --list-portsto show manually opened ports. Confirm your port number and protocol appear correctly.
If your service or port does not appear, repeat the previous section and ensure you included the --permanent flag before reloading firewalld.
Wrapping up
You opened a port in firewalld by enabling a predefined service or specifying a port number directly. Your VPS now accepts connections on the configured port whilst maintaining security for all other services.
Review your firewall configuration regularly as you add new applications. Our guides on installing MERN stack on AlmaLinux and connecting to PostgreSQL remotely include specific port requirements. If you prefer a different firewall interface, learn how to configure UFW. Our VPS hosting gives you full control over your server’s firewall configuration.
Need more power?
Get scalable resources with our VPS hosting with root access and optional software.
Get VPS Hosting
Starting something new?
Perfect for websites and small businesses unlimited bandwidth with cPanel hosting.
Get cPanel Hosting