firewall-cmd --add-port

# firewall-cmd --list-service
dhcpv6-client http https ssh

# firewall-cmd --list-ports

# firewall-cmd --add-port=11122/tcp --zone=public --permanent
success

# firewall-cmd --reload
success

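# firewall-cmd --list-service --zone=public
dhcpv6-client http https ssh

(Port 11122/tcp was added as a port, not a service, so it shows up under `firewall-cmd --list-ports --zone=public` rather than in this list.)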

systemctl list-unit-files in trial #1

too many ? services.

# systemctl list-unit-files | grep enable
accounts-daemon.service enabled
atd.service enabled
auditd.service enabled
chronyd.service enabled
crond.service enabled
dbus-org.fedoraproject.FirewallD1.service enabled
dbus-org.freedesktop.NetworkManager.service enabled
dbus-org.freedesktop.nm-dispatcher.service enabled
firewalld.service enabled
getty@.service enabled
hypervkvpd.service enabled
hypervvssd.service enabled
irqbalance.service enabled
kdump.service enabled
NetworkManager-dispatcher.service enabled
NetworkManager.service enabled
postfix.service enabled
rpcbind.service enabled
rsyslog.service enabled
sshd.service enabled
dm-event.socket enabled
iscsid.socket enabled
iscsiuio.socket enabled
lvm2-lvmetad.socket enabled
rpcbind.socket enabled
default.target enabled
multi-user.target enabled
nfs.target enabled
remote-fs.target enabled

systemctl + firewall.http

# systemctl list-unit-files | grep http
httpd.service                               disabled
# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
# systemctl list-unit-files | grep http
httpd.service                               enabled

# getenforce
Disabled

# vi /etc/firewalld/zones/public.xml
..
<service name="dhcpv6-client"/>
+  <service name="http"/>
+  <service name="https"/>
<service name="ssh"/>
..
# firewall-cmd --reload
success

or

# firewall-cmd --add-service=http --zone=public --permanent
success
# firewall-cmd --add-service=https --zone=public --permanent
success
# firewall-cmd --reload
success
# firewall-cmd --list-service --zone=public
dhcpv6-client http https ssh

firewalld.sshd

# vi /usr/lib/firewalld/services/ssh.xml
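-  <port protocol="tcp" port="22"/>
+  <port protocol="tcp" port="{another port}"/>
Multiple <port> lines, one per port, also work. Files under /usr/lib/firewalld/services are package-owned defaults that an update can overwrite; copying ssh.xml to /etc/firewalld/services/ and editing the copy keeps the change.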

# firewall-cmd --reload
# firewall-cmd --get-services

public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:

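Only dhcpv6-client and ssh are allowed. (The zone summary above looks like the output of `firewall-cmd --list-all`; `--get-services` only prints the names of the services firewalld knows about.)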
