Date: 2018dec31
OS: Linux
Distro: RedHat/Fedora/CentOS
Keywords: firewall, smart
Q. Firewalld: don't hardcode port numbers, make a custom service
A. When you have a custom service you can add its ports to firewalld with
firewall-cmd --permanent --add-port=5000/tcp (Not so nice)
But when you list the open ports a year later you'll get a meaningless bunch of numbers:
firewall-cmd --list-ports
So I prefer to create a service for all my custom ports. Let's say I want to run secure shell (ssh)
on custom port 2222
cp /lib/firewalld/services/ssh.xml /etc/firewalld/services/myssh.xml
This copies the stock ssh service definition to a place where you can customize it.
Change the port in /etc/firewalld/services/myssh.xml with your favourite text editor (it's a simple XML file)
Then add it as a service:
firewall-cmd --permanent --add-service=myssh (Nice)
Of course the spelling of the name must be exact.
Now, when you list the services you have enabled, you'll see it:
firewall-cmd --list-services
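The whole procedure above, scripted as an added example (this is my illustration, not part of the original note): it writes the custom service XML with the port changed, lets you read the declared ports back out of the file to confirm the edit before enabling anything, and then enables the service and reloads. The reload matters: --permanent only edits the saved configuration, so the port stays closed in the running firewall until firewall-cmd --reload (or a restart). The SERVICE_DIR variable, the function names and the sample services myssh/myweb are assumptions of this example; the firewall-cmd flags are the standard ones.

```shell
#!/bin/sh
# Added example (not from the original note): define a custom firewalld
# service for sshd listening on 2222/tcp by writing the service XML into
# firewalld's local override directory, then enable it and reload.
# Assumptions: firewalld on a RHEL/Fedora/CentOS host, run as root for the
# firewall-cmd steps. SERVICE_DIR is an example knob: it defaults to the real
# override directory and can be pointed at a temp dir to inspect the XML
# without root.
SERVICE_DIR="${SERVICE_DIR:-/etc/firewalld/services}"

# Write a minimal service definition: same shape as the stock
# /usr/lib/firewalld/services/ssh.xml, with the port changed.
# $1 = service name, $2 = port, $3 = protocol (default tcp)
write_service_xml() {
    name="$1"; port="$2"; proto="${3:-tcp}"
    mkdir -p "$SERVICE_DIR"
    cat > "$SERVICE_DIR/$name.xml" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>$name</short>
  <description>Custom service on $port/$proto (constructed for this example)</description>
  <port protocol="$proto" port="$port"/>
</service>
EOF
    chmod 0644 "$SERVICE_DIR/$name.xml"
}

# Print the port/protocol pairs declared in a service file, one per line
# (e.g. "2222/tcp"), so the edit can be checked before it is enabled.
service_ports() {
    sed -n 's/.*<port protocol="\([a-z]*\)" port="\([0-9-]*\)".*/\2\/\1/p' \
        "$SERVICE_DIR/$1.xml"
}

# Enable the service in the default zone. The first reload makes sure the
# daemon has read the new XML; --permanent changes only the saved config,
# so the second reload is what actually opens the port at runtime.
# Returns non-zero if the service does not show up afterwards.
apply_service() {
    name="$1"
    firewall-cmd --reload >/dev/null
    firewall-cmd --permanent --add-service="$name" >/dev/null
    firewall-cmd --reload >/dev/null
    firewall-cmd --list-services | tr ' ' '\n' | grep -qx "$name"
}

# Usage (needs root and a running firewalld):
#   write_service_xml myssh 2222
#   service_ports myssh                 # prints 2222/tcp
#   apply_service myssh && firewall-cmd --info-service=myssh
```

Because service_ports reads the declared ports straight from the XML, you can run it on any service file (stock or custom) to see exactly what a service name will open before adding it to a zone; firewall-cmd --info-service=NAME gives the same answer from the daemon's point of view once the file has been picked up.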