I can't seem to save my firewall settings

On the default firewalld, I need to enable some ports to get access to an app I use (see thread here: How can I get an app to bypass firewalld?)

However I can’t get those settings to save. After every reboot, those settings are gone and it becomes extremely cumbersome to enter in those settings manually everytime.

Can someone guide me how to make my changes permanent?

Here’s a couple of examples on how I setup firewalld for use with my VMs:

set zone to “home”, add services, reload

sudo firewall-cmd --permanent --zone=home --add-service=dns
sudo firewall-cmd --permanent --zone=home --add-service=nfs
sudo firewall-cmd --permanent --zone=home --add-source=
sudo firewall-cmd --complete-reload

confirm the new settings

sudo firewall-cmd --list-all
home (default, active)
  target: default
  ingress-priority: 0
  egress-priority: 0
  icmp-block-inversion: no
  interfaces: enp6s0
  services: dhcpv6-client dns mdns nfs samba-client ssh
  forward: yes
  masquerade: no
  rich rules:

The most important part is the ---permanent switch. What app are you trying to enable?

The app I’m trying to give access is LocalSend (its a really nice app for transfering files between phones, phones and ocmputers, heck even computers nad computers).

So I need to give ports 53317 permission for tcp and udp. How would I do that exactly?

sudo firewall-cmd --permanent --zone=home --add-port=53317
sudo firewall-cmd --permanent --zone=home --add-protocol=tcp
sudo firewall-cmd --permanent --zone=home --add-protocol=udp

Just a frustration, at the interface of firewalld, it is quite unintuitive and at least I can’t figure out how to make it work.


sudo firewall-cmd --permanent --zone=home --add-port=53317/tcp
sudo firewall-cmd --permanent --zone=home --add-port=53317/udp
1 Like

I hear ya, that’s why I went to using the terminal exclusively. Let me know if @pebcak’s solution works for you.

1 Like

Ideally you wouldn’t hard allow ports like that. You would create a service and then allow the service access.

This is very simple to do in the GUI.

There are only a couple of tricks to the GUI

  • The first is understanding zones and service
  • The second is understanding that there is both a running and a permanent config

If you get a grasp for both those concepts, it should become more understandable.

The most common mistake people make is trying to treat it like ufw where you just say “open these ports”.