RHEL 8 / CentOS 8 open FTP port 21 with firewalld

This article explains how to open FTP port 21 on RHEL 8 / CentOS 8 Linux system with the firewalld firewall. The FTP protocol is primarily used by file transfer services such as, but not limited to, vsftpd FTP server. For more information visit our introduction guide to firewalld syntax and usage guide.

In this tutorial you will learn:

  • How to open FTP port 21.
  • How to open FTP port 21 permanently.
  • How to list currently open ports/services.
  • How to close/remove open FTP port 21.

RHEL 8 / CentOS 8 - FTP protocol service. Open port 21

RHEL 8 / CentOS 8 – FTP protocol service. Open port 21.

Software Requirements and Conventions Used

Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System RHEL 8 / CentOS 8
Software firewall-cmd 0.6.3 or higher
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user

RHEL 8 / CentOS 8 open FTP port 21 step by step instructions

  1. Check the status of your firewall.
    # firewall-cmd --state

  2. Retrieve your currently active zones. Take a note of the zone within which you wish to open port 21:

    # firewall-cmd --get-active-zones
      interfaces: virbr0 
      interfaces: enp0s3
  3. Open port 21.

    The port 21 port is listed with Firewalld as the ftp service. To temporarily open port 21 execute:

    # firewall-cmd --zone=public --add-service=ftp

    Note, the above firewall-cmd command will open FTP 21 port only temporarily.

  4. Open FTP port 21 permanently. Execute the below command to open port 21 permanently hence, make the settings persistent after reboot:
    # firewall-cmd --zone=public --permanent --add-service=ftp
  5. Check for open ports/services. The services with permanently open ports are listed on line starting with services::
    # firewall-cmd --list-all
    public (active)
      target: default
      icmp-block-inversion: no
      interfaces: enp0s3
      services: cockpit dhcpv6-client ftp ssh
      masquerade: no
      rich rules: 
  6. In case you need to close the previously opened FTP port 21 execute:
    # firewall-cmd --zone=public --permanent --remove-service=ftp