Opening outbound ports

I need the outbound port 443 opened to allow for MFA on my Rocky Linux 9.1 system.

I’ve tried these commands below, but nmap still shows the port is closed.

firewall-cmd --new-policy out-public --permanent
firewall-cmd --reload
firewall-cmd --policy out-public --add-egress-zone=public --permanent
firewall-cmd --policy out-public --set-target=ACCEPT --permanent
firewall-cmd --reload

Here is the output of firewall-cmd --list-all:

public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
services: cockpit dhcpv6-client http https ssh
forward: yes
masquerade: no
rich rules:

Here is command I’m using to test port 443:

sudo nmap -Pn -p 443

I’m new to firewalld and selinux. What am I missing?

Did some more searching and this selinux command fixed my issue:

sudo setsebool -P httpd_can_network_connect 1

1 Like


  • The default firewall allows all outbound traffic; no need to open anything
  • The default is to allow replies in established connections, also inbound
  • The ‘nmap’ tries to talk to a process that listens on a port. The attempt is inbound connection. To send outbound does not require the process to listen anything
  • The SELinux can block both listening and outbound connections
  • The policy objects are about traffic routed from one zone to another. They do not handle inbound nor outbound traffic

Thanks for the explanation @jlehtone. The firewalld commands make sense, but I need to read up on SELinux as that’s something I’m not familiar with.