I can never remember this…
firewall-cmd --list-all-zones
Look to see which is ‘active’. Should be FedoraServer on Fedora Server. Then..
firewall-cmd --zone=FedoraServer --add-port=80/tcp --permanent
Annoyingly, the --permanent means ‘just add to the startup configuration, but don’t do anything now’. If you leave off the --permanent, then it takes effect right away but only affects the running configuration and will be lost after a restart.
Either way, you need two commands: either the --permanent command above, followed by
firewall-cmd --reload
or, and this is probably wiser in case you do something wrong and lock yourself out, you should do the command without --permanent, then check that all works (no --reload will be needed), then add it in again with --permanent so that the rule will be present after a future restart.
So, in summary:
firewall-cmd --zone=FedoraServer --add-port=80/tcp
(check that things are as you want them)
firewall-cmd --zone=FedoraServer --add-port=80/tcp --permanent
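The same test-then-persist sequence as a shell function that backs the runtime rule out if the check fails. This is an added example, not part of the original note; the function name open_port, the FWCMD variable and the caller-supplied check command are assumptions.

```shell
# Added example. FWCMD is a hypothetical override so the function can be
# exercised against a stand-in; by default it runs the real firewall-cmd.
FWCMD=${FWCMD:-firewall-cmd}

# open_port ZONE PORT/PROTO [CHECK_COMMAND ...]
# CHECK_COMMAND is whatever proves "things are as you want them"; it is
# supplied by the caller and is not something firewalld provides.
# Returns 0 = rule persisted, 1 = runtime add failed, 2 = check failed.
open_port() {
    zone=$1
    port=$2
    shift 2

    # 1. Runtime only: active immediately, lost on reload or restart.
    $FWCMD --zone="$zone" --add-port="$port" || return 1

    # 2. Confirm the running configuration really contains the rule.
    if ! $FWCMD --zone="$zone" --query-port="$port" >/dev/null; then
        echo "runtime rule $port missing from zone $zone" >&2
        return 1
    fi

    # 3. Run the caller's check; on failure back the runtime rule out and
    #    leave the startup configuration untouched.
    if [ "$#" -gt 0 ] && ! "$@"; then
        echo "check failed, removing runtime rule $port" >&2
        $FWCMD --zone="$zone" --remove-port="$port"
        return 2
    fi

    # 4. Only now write the rule to the startup configuration.
    $FWCMD --zone="$zone" --add-port="$port" --permanent
}

# Usage (my_check is a placeholder for your own test command):
#   open_port FedoraServer 80/tcp my_check
```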
For localhost-only stuff (e.g. powerdns stats on 127.0.0.1:8081):
firewall-cmd --zone=trusted --add-port=8081/tcp
firewall-cmd --zone=trusted --add-port=8081/tcp --permanent
To remove / undo:
firewall-cmd --zone=FedoraServer --remove-port=80/tcp
firewall-cmd --zone=FedoraServer --remove-port=80/tcp --permanent
For some known services (not sure which.. maybe it just uses /etc/services ?) you can give the service name instead of the port/protocol:
--add-service=http
instead of
--add-port=80/tcp
etc.