11

I want to open the following ports in my CentOS 7 firewall:

UDP 137 (NetBIOS Name Service)
UDP 138 (NetBIOS Datagram Service)
TCP 139 (NetBIOS Session Service)
TCP 445 (SMB)

I can guess that the service names include samba, which includes TCP 445, but I don't know if the other ports have a service name preconfigured.

I can list supported services with:

```
$ firewall-cmd --get-services
```

But this doesn't tell me what ports are configured with the services.

Is there a way to list what ports belong to these services so that I can grep for the one that I need?

Zhro
  • 4
    The option you are looking for is `--info-service`. It wants the service name, though. So, in order to get ports for many services, looking at service definition files as in Ulrich Schwarz's answer is probably more handy. – fra-san Dec 05 '18 at 09:47
  • @fra-san Your comment should be an answer. – Samuel Åslund Jun 02 '21 at 11:09
  • 1
    @SamuelÅslund Maybe, but the OP seems to need a way to list the services that use a given port. `firewall-cmd --info-service service` works the other way round. – fra-san Jun 02 '21 at 12:09

1 Answer

14

You can find the XML files this information is stored in in `/usr/lib/firewalld/services/` (for distro-managed services) and/or `/etc/firewalld/services/` for your own user-defined services.

For example, `samba.xml` reads (on my CentOS 7):

```xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Samba</short>
  <description>This option allows you to access and participate in Windows file and printer sharing networks. You need the samba package installed for this option to be useful.</description>
  <port protocol="udp" port="137"/>
  <port protocol="udp" port="138"/>
  <port protocol="tcp" port="139"/>
  <port protocol="tcp" port="445"/>
  <module name="nf_conntrack_netbios_ns"/>
</service>
```

so it's easy to spot what ports are enabled by this service.

Ulrich Schwarz
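The reverse lookup the question asks for, as an added example that is not part of the original answer: it reads the service definition files from the two directories named above and reports which services open a given port. The function names are hypothetical; only `<port>` elements are read, port ranges such as `5900-5903` are matched, and a file in `/etc/firewalld/services/` replaces a same-named one in `/usr/lib/firewalld/services/`.

```python
import glob
import os
import xml.etree.ElementTree as ET

# Default firewalld locations named in the answer; a later directory wins
# when the same file name exists in both.
SERVICE_DIRS = ["/usr/lib/firewalld/services", "/etc/firewalld/services"]


def load_services(dirs=SERVICE_DIRS):
    """Return {service_name: [(protocol, low_port, high_port), ...]}."""
    services = {}
    for directory in dirs:
        for path in sorted(glob.glob(os.path.join(directory, "*.xml"))):
            name = os.path.splitext(os.path.basename(path))[0]
            try:
                root = ET.parse(path).getroot()
            except ET.ParseError:
                continue  # skip a malformed definition instead of aborting
            ports = []
            for elem in root.findall("port"):
                low, _, high = elem.get("port", "").partition("-")
                if not low.isdigit() or not (high or low).isdigit():
                    continue  # empty or non-numeric port attribute
                ports.append((elem.get("protocol", ""), int(low), int(high or low)))
            services[name] = ports  # same name in a later dir replaces earlier
    return services


def services_for_port(services, port, protocol):
    """Names of services whose definition opens port/protocol."""
    return sorted(
        name for name, ports in services.items()
        if any(p == protocol and lo <= port <= hi for p, lo, hi in ports)
    )


def ports_for_service(services, name):
    """Everything a service opens, as 'port/proto' strings, for review."""
    return [
        f"{lo}/{p}" if lo == hi else f"{lo}-{hi}/{p}"
        for p, lo, hi in services.get(name, [])
    ]


if __name__ == "__main__":
    index = load_services()
    for port, proto in [(137, "udp"), (138, "udp"), (139, "tcp"), (445, "tcp")]:
        print(f"{port}/{proto}:", ", ".join(services_for_port(index, port, proto)) or "-")
```

Checking `ports_for_service(index, "samba")` before running `firewall-cmd --add-service=samba` makes it explicit that the service opens the three NetBIOS ports as well as TCP 445.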