openshift-docs/modules/microshift-firewall-opt-settings.adoc

// Module included in the following assemblies:
//
// * microshift_networking/microshift-firewall.adoc

:_mod-docs-content-type: PROCEDURE
[id="microshift-firewall-optional-settings_{context}"]
= Using optional port settings

The {microshift-short} firewall service allows optional port settings.

.Procedure

* To add customized ports to your firewall configuration, use the following command syntax:
+
[source,terminal]
----
$ sudo firewall-cmd --permanent --zone=public --add-port=<port number>/<port protocol>
----
+
.Optional ports
[option="header"]
|===
|Port(s)|Protocol(s)|Description

|80
|TCP
|HTTP port used to serve applications through the {ocp} router.

|443
|TCP
|HTTPS port used to serve applications through the {ocp} router.

|5353
|UDP
|mDNS service to respond for {ocp} route mDNS hosts.

|30000-32767
|TCP
|Port range reserved for NodePort services; can be used to expose applications on the LAN.

|30000-32767
|UDP
|Port range reserved for NodePort services; can be used to expose applications on the LAN.

|6443
|TCP
|HTTPS API port for the {product-title} API.
|===

The following are examples of commands used when requiring external access through the firewall to services running on {microshift-short}, such as port 6443 for the API server, for example, ports 80 and 443 for applications exposed through the router.

.Example commands

* Configuring a port for the {microshift-short} API server:
+
[source,terminal]
----
$ sudo firewall-cmd --permanent --zone=public --add-port=6443/tcp
----

* Configuring ports for applications exposed through the router:
+
[source,terminal]
----
$ sudo firewall-cmd --permanent --zone=public --add-port=80/tcp
----
+
[source,terminal]
----
$ sudo firewall-cmd --permanent --zone=public --add-port=443/tcp
----