Firewalld
Get current state
firewall-cmd --state
Configuration file locations
Configuration files are located in two directories:
/usr/lib/firewalld/
holds default configurations like default zones and common services. Avoid updating them because those files will be overwritten by each firewalld package update.
/etc/firewalld
holds system configuration files. These files override the default configuration.
sudo firewall-cmd --zone=public --list-all
Add rules with firewall-cmd
firewall-cmd --permanent --zone=public --add-port=8000/tcp
firewall-cmd --permanent --zone=public --add-port=8000/udp
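Edit rules via configuration files
Service file location: /usr/lib/firewalld/services/
Create or edit the file /usr/lib/firewalld/services/main.xml
As noted above, files under /usr/lib/firewalld/ are overwritten by firewalld package updates; a service file placed under /etc/firewalld/services/ survives updates and takes precedence over the default.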
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>main</short>
<description>main</description>
<port protocol="tcp" port="80"/>
<port protocol="udp" port="80"/>
<port protocol="tcp" port="443"/>
<port protocol="udp" port="443"/>
<port protocol="tcp" port="8000"/>
<port protocol="udp" port="8000"/>
<port protocol="tcp" port="8888"/>
<port protocol="udp" port="8888"/>
<port protocol="tcp" port="9999"/>
<port protocol="udp" port="9999"/>
<port protocol="tcp" port="9600"/>
<port protocol="udp" port="9600"/>
<port protocol="tcp" port="10000"/>
<port protocol="udp" port="10000"/>
<port protocol="tcp" port="20000"/>
<port protocol="udp" port="20000"/>
</service>
Add service main to zone public
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="dhcpv6-client"/>
<service name="main"/>
</zone>
Reload config (changes made with --permanent or by editing the files take effect only after a reload)
firewall-cmd --reload
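To review what a zone file actually exposes before reloading, the sketch below expands the zone's service references into concrete ports. It is an added example, not part of the original notes or of firewalld; the function names are hypothetical, and the embedded XML is a constructed, shortened copy of the two files shown above.

```python
import xml.etree.ElementTree as ET

# Constructed samples: main.xml shortened from the page; public zone as shown there.
MAIN_XML = b"""<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>main</short>
  <port protocol="tcp" port="80"/>
  <port protocol="udp" port="80"/>
  <port protocol="tcp" port="443"/>
  <port protocol="udp" port="443"/>
  <port protocol="tcp" port="8000"/>
  <port protocol="udp" port="8000"/>
</service>"""
PUBLIC_XML = b"""<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <service name="main"/>
</zone>"""

def ports_of(xml_bytes):
    """Return the set of (first_port, last_port, protocol) from <port> elements."""
    opened = set()
    for el in ET.fromstring(xml_bytes).findall("port"):
        lo, _, hi = el.get("port").partition("-")  # firewalld accepts ranges like 5000-5010
        lo, hi, proto = int(lo), int(hi or lo), el.get("protocol")
        if not 1 <= lo <= hi <= 65535 or proto not in ("tcp", "udp", "sctp", "dccp"):
            raise ValueError(f"bad port entry: {el.attrib}")
        opened.add((lo, hi, proto))
    return opened

def zone_exposure(zone_xml, service_files):
    """Expand a zone's <service> references; return (open ports, unresolved names)."""
    opened, unresolved = ports_of(zone_xml), []
    for el in ET.fromstring(zone_xml).findall("service"):
        name = el.get("name")
        if name in service_files:
            opened |= ports_of(service_files[name])
        else:
            unresolved.append(name)  # stock services not supplied to this check
    return sorted(opened), unresolved

def udp_mirrors(opened):
    """Ports open on UDP that are also open on TCP: candidates for review."""
    tcp = {(lo, hi) for lo, hi, proto in opened if proto == "tcp"}
    return sorted((lo, hi) for lo, hi, proto in opened if proto == "udp" and (lo, hi) in tcp)

if __name__ == "__main__":
    ports, missing = zone_exposure(PUBLIC_XML, {"main": MAIN_XML})
    print(ports, missing, udp_mirrors(ports))
```

Every port that `udp_mirrors` reports is reachable over UDP as well as TCP in the public zone; drop the `udp` line from main.xml for any port that has no UDP listener behind it.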