firewalld failed to reload

Hi,

I built my new fresh CentOS 7 server and tried to configure firewalld. These are my steps:

change ssh port and some stuff

vi /etc/ssh/sshd_config
Port 22222
UseDNS no
GSSAPIAuthentication no

reload config

systemctl restart sshd.service

config firewall

systemctl enable firewalld
systemctl start firewalld
firewall-cmd --permanent --remove-service=ssh
firewall-cmd --zone=public --permanent --add-service={http,https,ftp,dns,smtp,smtps,pop3,pop3s,imap,imaps,rsyncd}
firewall-cmd --zone=public --permanent --add-port={22222/tcp,587/tcp,2525/tcp,8080/tcp,8433/tcp}

And finally I tried to reload with this command:

firewall-cmd --reload

But nothing happens; it just looks like this:

![Capture.PNG](https://lh3.googleusercontent.com/-02IK_28MGmM/WadYlh9rG3I/AAAAAAAABOE/RtsPiZrlAcoVgB7kLvECHQqaUa9fMLTYgCHMYCw/s0/Capture.PNG)

I tried to close PuTTY and open it again, but now I can't log in to the VPS.

Is there anything I am missing?

Thank you.

Regards,

maszd

6 Replies

I tried this command:

systemctl status firewalld

It shows:

![0001.PNG](https://lh3.googleusercontent.com/-SHv5zgmAYFo/WaeJsnZpRSI/AAAAAAAABOU/nbABE6i0iTglSsfcoPK17Rzuqq3yfa-YwCHMYCw/s0/0001.PNG)

And I tried this command:

firewall-cmd --state

It shows:

![0002.PNG](https://lh3.googleusercontent.com/-B1laeSSI6W4/WaeJ5kq5X0I/AAAAAAAABOY/fO-bgieDEOMbiPYlpAvV5H1iHdRQaTRbwCHMYCw/s0/0002.PNG)

How did you come up with the command line --add-service={…} and --add-port={…}?

That doesn't seem to me to be a valid command. As far as I know, --add-service and --add-port must be individual commands per service/port (e.g. --add-service=http, --add-service=https, etc…).

I suggest you take a look at your /etc/firewalld/zones/public.xml to see what is the current state of your zone.
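The lockout in this thread followed a reload of a permanent configuration in which `ssh` had been removed and the new port had not been saved. As an added example (not code from any poster in this thread), the sketch below checks a zone file against `sshd_config` before a reload. It assumes the interface is in the public zone, that the stock `ssh` service means 22/tcp, and it ignores rich rules and source bindings; the sample inputs and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from the poster's server).
SSHD_CONFIG = "#Port 22\nPort 22222\nUseDNS no\n"
ZONE_BEFORE = """<zone>
  <service name="http"/>
  <port protocol="tcp" port="8080"/>
</zone>"""
ZONE_AFTER = ZONE_BEFORE.replace(
    "</zone>", '  <port protocol="tcp" port="22222"/>\n</zone>')

# Assumption: only the stock "ssh" service is mapped; it opens 22/tcp.
SERVICE_PORTS = {"ssh": 22}


def sshd_ports(config_text):
    """Ports sshd listens on; commented lines are ignored, default is 22."""
    found = re.finditer(r"^\s*Port\s+(\d+)\s*$", config_text, re.M | re.I)
    return [int(m.group(1)) for m in found] or [22]


def zone_tcp_ranges(zone_xml):
    """(low, high) TCP port ranges opened by <port> and <service> entries."""
    root = ET.fromstring(zone_xml)
    ranges = []
    for port in root.findall("port"):
        spec = port.get("port")
        if port.get("protocol") != "tcp" or not spec:
            continue
        low, _, high = spec.partition("-")  # "8000-8100" or a single port
        ranges.append((int(low), int(high or low)))
    for service in root.findall("service"):
        number = SERVICE_PORTS.get(service.get("name"))
        if number:
            ranges.append((number, number))
    return ranges


def locked_out_ports(config_text, zone_xml):
    """sshd ports the zone would NOT allow once this config is loaded."""
    ranges = zone_tcp_ranges(zone_xml)
    return [p for p in sshd_ports(config_text)
            if not any(low <= p <= high for low, high in ranges)]


if __name__ == "__main__":
    for label, zone in (("before", ZONE_BEFORE), ("after", ZONE_AFTER)):
        print(label, "blocked sshd ports:", locked_out_ports(SSHD_CONFIG, zone))
```

On a server, pass the contents of /etc/ssh/sshd_config and /etc/firewalld/zones/public.xml and only run `firewall-cmd --reload` when the returned list is empty.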

Hmm, my bad :(

Thank you very much IfThenElse, that's working now :)

regards,

maszd

No problem, nice to know it works.

btw

When I play with firewall-cmd, I don't use --permanent right away. Instead, I run the commands without it, so it affects the running system. If I break something and I lose connectivity, then all I need to do is reboot the server via the Linode Manager, no need to log in via LISH or other alternative method. Once things are stable, I run my commands with --permanent.

also, remember that SELinux needs to know about the new port:

semanage port -a -t ssh_port_t -p tcp 22222

Thank you for the tips :)

BTW, I see the SELinux status is disabled by default :)

SELinux is a unique and very strong security feature, I highly recommend it for all internet facing servers.

The default Linode kernel has this feature removed, but you can use the original CentOS kernel which supports SELinux.
