Hi Earl, >The problem is you added the rule in runtime and when you reloaded it >removed the rule that you added; therefore you need to use --permanent >or >do not reload. Thanks! That worked. [root at appd:~] #firewall-cmd --zone=home --list-ports [root at appd:~] #firewall-cmd --zone=home --add-port=8181/tcp --permanent success [root at appd:~] #firewall-cmd --reload success [root at appd:~] #firewall-cmd --zone=home --list-ports 8181/tcp #telnet appd.mydomain.com 8181 Trying xx.xx.xx.xx... Connected to appd.mydomain.com. Escape character is '^]'. On Sat, May 9, 2015 at 3:14 PM, Earl A Ramirez <earlaramirez at gmail.com> wrote: > On 9 May 2015 at 14:57, Tim Dunphy <bluethundr at gmail.com> wrote: > > > Hey all, > > > > I'm having a little trouble opening up a port on a C7 machine. > > > > Here's the default zone: > > > > [root at appd:~] #firewall-cmd --get-default-zone > > home > > > > So I try to add the port: > > > > [root at appd:~] #firewall-cmd --zone=home --add-port=8181/tcp > > success > > > > Then I reload firewalld: > > > > [root at appd:~] #firewall-cmd --reload > > success > > > > Simple! That should do it. Right? Well not quite. > > > > Cuz when I telnet to that host on that port, it's not connecting: > > > > #telnet appd.mydomain.com 8181 > > Trying xx.xx.xx.xx... <---obscuring the real IP > > telnet: connect to address xx.xx.xx.xx: Connection refused > > telnet: Unable to connect to remote host > > > > Yet, that port is definitely listening on the host: > > > > [root at appd:~] #lsof -i :8181 > > COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME > > java 13423 root 333u IPv6 3526508 0t0 TCP *:intermapper > (LISTEN) > > > > > > And if I stop the firewall momentarily : > > > > I can telnet to that port from a remote location: > > > > #telnet appd.mydomain.com 8181 > > Trying xx.xx.xx.xx... > > Connected to appd.mydomain.com. > > Escape character is '^]'. > > > > Of course I bring up the firewall right away once I'm done testing: > > > > [root at appd:~] #systemctl start firewalld > > [root at appd:~] #systemctl status firewalld > > firewalld.service - firewalld - dynamic firewall daemon > > Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled) > > Active: active (running) since Sat 2015-05-09 14:56:20 EDT; 7s ago > > Main PID: 18826 (firewalld) > > CGroup: /system.slice/firewalld.service > > └─18826 /usr/bin/python -Es /usr/sbin/firewalld --nofork > --nopid > > > > May 09 14:56:20 appd systemd[1]: Started firewalld - dynamic firewall > > daemon. > > > > Any ideas on what I'm doing wrong? > > > > Thanks, > > Tim > > -- > > GPG me!! > > > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > http://lists.centos.org/mailman/listinfo/centos > > > > I saw that you are doing firewall-cmd --reload; however you did not had the > following: > > firewall-cmd --permanent --zone=home --add-port=8181/tcp > > The problem is you added the rule in runtime and when you reloaded it > removed the rule that you added; therefore you need to use --permanent or > do not reload. > > Let me know if this helps. > > > -- > Kind Regards > Earl Ramirez > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B