On the default firewalld, I need to enable some ports to get access to an app I use (see thread here: How can I get an app to bypass firewalld? )
However, I can’t get those settings to save. After every reboot, those settings are gone and it becomes extremely cumbersome to enter those settings manually every time.
Can someone guide me how to make my changes permanent?
Here’s a couple of examples of how I set up firewalld for use with my VMs:
set zone to “home”, add services, reload
sudo firewall-cmd --permanent --zone=home --add-service=dns
sudo firewall-cmd --permanent --zone=home --add-service=nfs
sudo firewall-cmd --permanent --zone=home --add-source=192.168.122.0/24
sudo firewall-cmd --complete-reload
confirm the new settings
sudo firewall-cmd --list-all
home (default, active)
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces: enp6s0
sources: 192.168.122.0/24
services: dhcpv6-client dns mdns nfs samba-client ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
The most important part is the --permanent switch. What app are you trying to enable?
The app I’m trying to give access is LocalSend (it’s a really nice app for transferring files between phones, phones and computers, heck even computers and computers).
So I need to give port 53317 permission for tcp and udp. How would I do that exactly?
sudo firewall-cmd --permanent --zone=home --add-port=53317
sudo firewall-cmd --permanent --zone=home --add-protocol=tcp
sudo firewall-cmd --permanent --zone=home --add-protocol=udp
Just a frustration: the interface of firewalld is quite unintuitive, and at least I can’t figure out how to make it work.
pebcak
February 23, 2024, 1:31pm
4
computerhelp:
So I need to give port 53317 permission for tcp and udp. How would I do that exactly?
sudo firewall-cmd --permanent --zone=home --add-port=53317
sudo firewall-cmd --permanent --zone=home --add-protocol=tcp
sudo firewall-cmd --permanent --zone=home --add-protocol=udp
Try:
sudo firewall-cmd --permanent --zone=home --add-port=53317/tcp
sudo firewall-cmd --permanent --zone=home --add-port=53317/udp
1 Like
I hear ya, that’s why I went to using the terminal exclusively. Let me know if @pebcak ’s solution works for you.
1 Like
dalto
February 23, 2024, 6:05pm
6
Ideally you wouldn’t hard-allow ports like that. You would create a service and then allow the service access.
This is very simple to do in the GUI.
There are only a couple of tricks to the GUI:
The first is understanding zones and services.
The second is understanding that there is both a running and a permanent config.
If you get a grasp for both those concepts, it should become more understandable.
The most common mistake people make is trying to treat it like ufw where you just say “open these ports”.
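As an added example (not code from any poster in this thread), here is the approach dalto describes combined with the --permanent / reload / verify procedure shown earlier: LocalSend is defined as a named firewalld service carrying port 53317 for tcp and udp, the service is then allowed in the "home" zone permanently, and the result is listed from both the running and the permanent config. The service name "localsend", the zone "home" and the description text are assumptions; the port number comes from the thread. The script also renders the service XML in the format firewalld keeps under /etc/firewalld/services/ so the rule can be reviewed before anything is applied, and it checks that the port argument is a bare number, since "53317" and "53317/tcp" go in different places.

```shell
#!/bin/sh
# Added example, not from the thread: allow LocalSend by defining a firewalld
# service rather than opening bare ports in the zone.
# Assumptions: service name "localsend", zone "home"; port 53317 tcp/udp is
# the number given in the thread.
set -eu

SERVICE_NAME="localsend"   # assumed name for the custom service
ZONE="home"                # zone used in the thread
PORT="53317"               # LocalSend port from the thread

# Render the service definition in the XML layout firewalld stores as
# /etc/firewalld/services/<name>.xml. Printing it first lets you review the
# rule before it is applied.
render_service_xml() {
    name="$1"; port="$2"
    printf '%s\n' \
        '<?xml version="1.0" encoding="utf-8"?>' \
        '<service>' \
        "  <short>${name}</short>" \
        "  <description>Custom service for ${name} (tcp+udp ${port})</description>" \
        "  <port protocol=\"tcp\" port=\"${port}\"/>" \
        "  <port protocol=\"udp\" port=\"${port}\"/>" \
        '</service>'
}

# A port argument must be a bare integer in 1..65535. "53317/tcp" belongs in
# --add-port on the service, not here, so it is rejected early.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Apply the configuration with firewall-cmd. Every change uses --permanent so
# it survives a reboot; --reload then copies the permanent config into the
# running one. When firewall-cmd is not installed (e.g. on a test host) the
# function only prints the service definition.
apply_service() {
    name="$1"; zone="$2"; port="$3"
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    if ! command -v firewall-cmd >/dev/null 2>&1; then
        echo "firewall-cmd not found; showing the service definition only" >&2
        render_service_xml "$name" "$port"
        return 0
    fi
    # Create the service only once; re-running --new-service on an existing
    # name is an error.
    if ! sudo firewall-cmd --permanent --get-services | grep -qw "$name"; then
        sudo firewall-cmd --permanent --new-service="$name"
    fi
    sudo firewall-cmd --permanent --service="$name" --set-short="$name"
    sudo firewall-cmd --permanent --service="$name" --add-port="${port}/tcp"
    sudo firewall-cmd --permanent --service="$name" --add-port="${port}/udp"
    sudo firewall-cmd --permanent --zone="$zone" --add-service="$name"
    sudo firewall-cmd --reload
    # Verify in both configs: the running zone and the permanent one. If the
    # service shows up only in the first list, the change will not survive a
    # reboot.
    sudo firewall-cmd --zone="$zone" --list-services
    sudo firewall-cmd --permanent --zone="$zone" --list-services
}

apply_service "$SERVICE_NAME" "$ZONE" "$PORT"
```

Allowing a named service instead of raw ports keeps the zone listing readable (`services: ... localsend ...` rather than an anonymous port) and lets the same definition be reused in another zone with a single --add-service. The final two list commands are the check to run after any change: the running and the permanent output should agree.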