Computer Tips - Firewalld: don't hardcode port numbers, make a custom service

Date: 2018dec31
OS: Linux
Distro: RedHat/Fedora/CentOS
Keywords: firewall, smart

Q.  Firewalld: don't hardcode port numbers, make a custom service

A.  When you have a custom service you can add its ports to firewalld with

firewall-cmd --permanent --add-port=5000/tcp (Not so nice)

But when you list the open ports a year from now, you'll get a meaningless bunch of numbers:

firewall-cmd --list-ports

So I prefer to create a service for all my custom ports. Let's say I want to run secure shell (ssh) on custom port 2222:

cp /lib/firewalld/services/ssh.xml /etc/firewalld/services/myssh.xml

This copies the stock ssh service definition to a place where you can customize it. Change the port in /etc/firewalld/services/myssh.xml with your favourite text editor (it's a simple XML file). Then add it as a service:

firewall-cmd --permanent --add-service=myssh (Nice)

Of course the spelling of the name must be exact. Now, when you list your services, you'll see it:

firewall-cmd --list-services
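The copy-edit-add steps above, written as a small POSIX shell script. This is an added example, not code from the original tip. It validates the name, port and protocol before touching anything, reads the port back out of the new XML file so you can check the edit, and only then runs the firewall-cmd calls. The FW_ROOT variable is an assumption: leave it empty on a real host, or point it at a scratch directory to exercise the file handling without a firewall. The sample ssh.xml it can write is a constructed stand-in for the stock file.

```shell
#!/bin/sh
# Added example, not code from the original tip: turn the "copy the stock
# service file, edit the port, add the service" steps into a checked script.
# FW_ROOT is an assumption: leave it empty on a real host, or point it at a
# scratch directory to try the file handling without touching the firewall.
set -eu

stock_dir()  { printf '%s\n' "${FW_ROOT:-}/lib/firewalld/services"; }
custom_dir() { printf '%s\n' "${FW_ROOT:-}/etc/firewalld/services"; }

# make_service NAME BASE PORT PROTO
# Copies BASE.xml from the stock directory to NAME.xml in the custom
# directory, rewriting the <port .../> element (and <short>) on the way.
make_service() {
    name=$1 base=$2 port=$3 proto=$4
    case "$name" in *[!A-Za-z0-9_-]*|'') echo "bad service name: $name" >&2; return 1;; esac
    case "$proto" in tcp|udp|sctp|dccp) ;; *) echo "bad protocol: $proto" >&2; return 1;; esac
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    mkdir -p "$(custom_dir)"
    sed -e "s#<port protocol=\"[a-z]*\" port=\"[0-9]*\"/>#<port protocol=\"$proto\" port=\"$port\"/>#" \
        -e "s#<short>.*</short>#<short>$name</short>#" \
        "$(stock_dir)/$base.xml" > "$(custom_dir)/$name.xml"
}

# service_port NAME -> prints PORT/PROTO read back from the custom file, so
# the edit can be verified before the service is added to the firewall.
service_port() {
    sed -n 's#.*<port protocol="\([a-z]*\)" port="\([0-9]*\)"/>.*#\2/\1#p' "$(custom_dir)/$1.xml"
}

# register NAME -> the firewall-cmd calls from the tip. --permanent only
# writes the config; --reload is what makes the running firewall use it.
register() {
    firewall-cmd --permanent --add-service="$1"
    firewall-cmd --reload
    firewall-cmd --list-services
}

# write_sample_stock -> a constructed stand-in for the stock ssh.xml, for
# use with a scratch FW_ROOT; a real host already has the real file.
write_sample_stock() {
    mkdir -p "$(stock_dir)"
    cat > "$(stock_dir)/ssh.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <description>Secure Shell (SSH) on the standard port.</description>
  <port protocol="tcp" port="22"/>
</service>
EOF
}

# Usage on a real host (as root):
#   make_service myssh ssh 2222 tcp && service_port myssh && register myssh
```

Note the --reload in register: --permanent alone only writes the configuration, so without it the new service is not active until the next firewalld restart.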