1

I want to open an SCTP port on a firewall using the firewall-cmd command on a CentOS 7.1 server.
I have tried to add it by using:

firewall-cmd --zone=public --permanent --add-port=portnumber/sctp  

I am getting an error response:

Error: INVALID_PROTOCOL: sctp  

I have tried to add the protocol to the /etc/modprobe.d directory path:

echo "install sctp /bin/false" > /etc/modprobe.d/sctp.conf  

Without success (it did not make any difference).

If I do lsmod | grep sctp, I get the below response (which means the sctp protocol has been allowed):

xt_sctp                12853  0  
sctp                  217455  6  
libcrc32c              12644  1 sctp  
You have new mail in /var/spool/mail/root  

If I stop the firewall, I can see the connections established with:

netstat -lanp|grep sctp  

But if I start the firewall, I see the below errors in the server log:

java.net.ConnectException: Connection timed out
    at sun.nio.ch.SctpChannelImpl.checkConnect(Native Method)
    at sun.nio.ch.SctpChannelImpl.finishConnect(SctpChannelImpl.java:475) 

Plus, there are no established sctp connections in the netstat output.

GhostCat
Amani Musomba

1 Answer

0

If it is still relevant, firewalld started supporting sctp and dccp in ports, source-ports and forward-ports for CentOS from RPM version 0.4.4.4.

The easiest way to check if your firewalld supports sctp is to run the command:

firewall-cmd -V

to check the firewalld version, or just search for sctp in the man page (to start a search inside man, type /sctp):

man firewall-cmd

If sctp is not supported, you will not find the string sctp inside the man pages.
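
The version check from the answer above as a script, added here as an example and not part of the original post: it compares the version printed by `firewall-cmd -V` with 0.4.4.4 numerically and prints the `--add-port` command only when sctp ports are supported. The function names and the sample port 2905 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: gate the sctp port rule on the firewalld version.
MIN_SCTP_VERSION="0.4.4.4"   # first version with sctp ports, per the answer

# version_ge A B: succeed if dotted numeric version A >= B.
# Components are compared as numbers, so 0.10.0 is newer than 0.4.4.4.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}      # a missing component counts as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# firewalld_supports_sctp VERSION: VERSION is the output of `firewall-cmd -V`.
firewalld_supports_sctp() {
    case $1 in ''|*[!0-9.]*) return 2 ;; esac   # reject empty or non-numeric
    version_ge "$1" "$MIN_SCTP_VERSION"
}

# sctp_port_rule PORT VERSION: print the command to run, or explain why not.
sctp_port_rule() {
    port=$1 ver=$2
    case $port in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "port out of range: $port" >&2; return 2; }
    if ! firewalld_supports_sctp "$ver"; then
        echo "firewalld '$ver' does not support sctp ports (needs >= $MIN_SCTP_VERSION)" >&2
        return 1
    fi
    echo "firewall-cmd --zone=public --permanent --add-port=${port}/sctp"
}

# On a host with firewalld installed, show the rule for the sample port.
if command -v firewall-cmd >/dev/null 2>&1; then
    sctp_port_rule "${1:-2905}" "$(firewall-cmd -V 2>/dev/null)" || true
fi
```

A rule added with `--permanent` takes effect after `firewall-cmd --reload`.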