add ssh port to firewall centos 7

admin, 3 April 2024 (Last Update)

Securing CentOS 7: A Comprehensive Guide to Adding SSH Port to Firewall

Welcome to the intricate world of server management and network security. As a senior technical content writer, I understand the importance of securing your digital fortress in an era where cyber threats are as common as they are sophisticated. In this article, we will delve deep into the process of adding an SSH port to the firewall on CentOS 7—a critical step in fortifying your system against unauthorized access.

Understanding the Importance of Firewalls in Server Security

Before we jump into the technicalities, let’s establish why firewalls are pivotal in safeguarding your server. A firewall acts as a gatekeeper, controlling incoming and outgoing network traffic based on predetermined security rules. It is your first line of defense, scrutinizing data packets and preventing malicious traffic from infiltrating your system.

SSH: The Secure Shell Protocol

Secure Shell (SSH) is a cryptographic network protocol used for operating network services securely over an unsecured network. Commonly, SSH is employed to log into systems and execute commands, making it a staple in remote server management. However, its default port 22 is well-known, often becoming a target for brute force attacks. Changing the SSH port and ensuring it’s allowed through the firewall can significantly enhance security.

Why Change the Default SSH Port?

  • Security through obscurity: While not foolproof, changing the default port can deter automated attacks and reduce noise from bots scanning for open SSH ports.
  • Reduced attack surface: Limiting access to a non-standard port can help mitigate the risk of vulnerabilities being exploited.
  • Better monitoring: Unusual traffic on a non-standard port is easier to spot, aiding in early detection of potential breaches.

CentOS 7 Firewall: An Overview

CentOS 7 ships with firewalld, a dynamic daemon for managing the firewall, with support for network zones. Unlike its predecessor iptables, firewalld allows for easier and more flexible configuration without the need for restarting the service or causing temporary network disruptions.

Step-by-Step Guide to Adding an SSH Port to the Firewall on CentOS 7

Now, let’s walk through the process of adding an SSH port to the firewall on CentOS 7. This guide assumes you have root access or equivalent sudo privileges on the system.

Step 1: Installing firewalld

If firewalld is not already installed on your CentOS 7 system, you can install it using the following command:

yum install firewalld

Step 2: Starting and Enabling firewalld

Once installed, start the firewalld service and enable it to launch at boot:

systemctl start firewalld
systemctl enable firewalld

Step 3: Checking the Status of firewalld

Verify that firewalld is running properly:

systemctl status firewalld

Step 4: Identifying the Active Zone

Determine which firewall zone is active. Zones define the level of trust for network connections and interfaces:

firewall-cmd --get-active-zones

Step 5: Choosing a New SSH Port

Select a new port number for SSH. Ensure that the chosen port does not conflict with other services and is within the allowed range (1024-65535).

Step 6: Configuring SSHD to Use the New Port

Edit the SSHD configuration file to specify the new port:

nano /etc/ssh/sshd_config

Add or modify the following line, replacing ‘new_port’ with your chosen port number:

Port new_port

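Save the changes and restart the SSHD service. Keep your current SSH session open until you have completed Step 7 and confirmed that a new connection on the new port works: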

systemctl restart sshd

Step 7: Adding the New SSH Port to firewalld

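Add the new SSH port to the appropriate zone in firewalld. The command below uses the public zone; if Step 4 reported a different active zone, use that zone name instead: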

firewall-cmd --zone=public --add-port=new_port/tcp --permanent

Reload firewalld to apply the changes:

firewall-cmd --reload

Step 8: Verifying the Configuration

Ensure that the new SSH port has been added successfully:

firewall-cmd --list-all

You should see new_port/tcp listed on the ports line of the output.
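The following is an added example, not part of the original article: it runs Steps 5 to 8 in an order that avoids locking yourself out, opening the port in firewalld before sshd is restarted and checking afterwards that every port sshd uses is open. The function names and the sample port 2222 are hypothetical. The SELinux labelling step is not in the steps above; it is included because CentOS 7 runs SELinux in enforcing mode by default.

```bash
#!/bin/bash
# Added example, not from the original article; function names are hypothetical.

# Step 5: accept only an integer in the article's range (1024-65535).
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Print the ports set by uncommented "Port" lines in an sshd_config file;
# sshd uses 22 when there is none.
sshd_ports() {
  awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Print the sshd ports ($1) that are absent from `firewall-cmd --list-ports`
# output ($2). Handles single ports and a-b ranges, tcp only. Ports opened
# through a service (22 via "ssh") do not appear in that output.
unopened_ports() {
  local p e lo hi ok
  for p in $1; do
    ok=0
    for e in $2; do
      case "$e" in */tcp) e=${e%/tcp} ;; *) continue ;; esac
      lo=${e%-*}; hi=${e#*-}
      if [ "$p" -ge "$lo" ] && [ "$p" -le "$hi" ]; then ok=1; fi
    done
    [ "$ok" -eq 1 ] || echo "$p"
  done
}

# Steps 6-8 in a lockout-safe order, run as root after editing sshd_config:
#   apply_ssh_port 2222 [zone]
apply_ssh_port() {
  local port=$1 zone=${2:-$(firewall-cmd --get-default-zone)} cfg=/etc/ssh/sshd_config
  valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
  sshd_ports "$cfg" | grep -qx "$port" || { echo "Port $port not in $cfg" >&2; return 1; }
  # SELinux (enforcing by default on CentOS 7) stops sshd binding an unlabelled
  # port; semanage is provided by the policycoreutils-python package.
  semanage port -a -t ssh_port_t -p tcp "$port" 2>/dev/null ||
    semanage port -m -t ssh_port_t -p tcp "$port" || return 1
  firewall-cmd --zone="$zone" --add-port="$port/tcp" --permanent || return 1
  firewall-cmd --reload || return 1
  sshd -t || return 1            # refuse to restart on a config syntax error
  systemctl restart sshd || return 1
  [ -z "$(unopened_ports "$port" "$(firewall-cmd --zone="$zone" --list-ports)")" ]
}
```

Source the file in a root shell and call apply_ssh_port with the port chosen in Step 5; a non-zero return means a step failed and sshd was not restarted past that point.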

Best Practices for Managing SSH Access

  • Use key-based authentication instead of passwords for enhanced security.
  • Implement fail2ban or similar software to protect against brute-force attacks.
  • Regularly update your system and SSH package to patch known vulnerabilities.
  • Limit SSH access to specific IP addresses or ranges if possible.

FAQ Section

What is the default SSH port and why should it be changed?

The default SSH port is 22. It is recommended to change it to reduce the risk of automated attacks targeting this well-known port.

Is changing the SSH port enough to secure my server?

No, changing the SSH port is just one aspect of server security. You should also implement other security measures such as key-based authentication and regular updates.

Can I use any port number for SSH?

You can use any port number between 1024 and 65535 that is not already in use by another service.

Do I need to restart my server after adding an SSH port to the firewall?

No, you do not need to restart your server. Reloading the firewalld service applies the changes without needing a reboot.


In conclusion, adding an SSH port to the firewall on CentOS 7 is a crucial step towards securing your server. By following the steps outlined in this guide, you can effectively shield your system from unwanted access while maintaining the flexibility required for efficient remote management. Remember, server security is a continuous process, and staying vigilant is key to protecting your digital assets.

