[SOLVED] - Services and Ports Not Saving - Firewalld

Issues related to configuring your network
jmacdougca
Posts: 103
Joined: 2017/12/09 00:49:14
Location: West Vancouver, BC

[SOLVED] - Services and Ports Not Saving - Firewalld

Post by jmacdougca » 2021/11/10 05:34:08

Services and ports are not saving in firewalld.

I added the services and ports twice using Sundry - Firewall. Both times the settings did not save after rebooting the server. I did not see a button to save or anything. No problem, I prefer the command line anyway. So I added the services I want, but they aren't showing as I expected them to after using

Code:

firewall-cmd --list-all

What am I not seeing?

Code:

[Neptune@www conf]$ firewall-cmd --state
running
[Neptune@www conf]$ firewall-cmd --get-active-zones
public
  interfaces: virbr0 br0 enp9s0 eno1
[Neptune@www conf]$ firewall-cmd --add-service=ssh
Warning: ALREADY_ENABLED: 'ssh' already in 'public'
success
[Neptune@www conf]$ firewall-cmd --get-service
RH-Satellite-6 RH-Satellite-6-capsule amanda-client amanda-k5-client amqp amqps apcupsd audit bacula bacula-client bgp bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client distcc dns docker-registry docker-swarm dropbox-lansync elasticsearch etcd-client etcd-server finger freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master git gre high-availability http https imap imaps ipp ipp-client ipsec irc ircs iscsi-target isns jenkins kadmin kerberos kibana klogin kpasswd kprop kshell ldap ldaps libvirt libvirt-tls lightning-network llmnr managesieve matrix mdns minidlna mongodb mosh mountd mqtt mqtt-tls ms-wbt mssql murmur mysql nfs nfs3 nmea-0183 nrpe ntp nut openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole plex pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius redis rpc-bind rsh rsyncd rtsp salt-master samba samba-client samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh steam-streaming svdrp svn syncthing syncthing-gui synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client upnp-client vdsm vnc-server wbem-http wbem-https wsman wsmans xdmcp xmpp-bosh xmpp-client xmpp-local xmpp-server zabbix-agent zabbix-server
[Neptune@www conf]$ firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: br0 eno1 enp9s0 virbr0
  sources: 
  services: dhcpv6-client ssh
  ports: 7689/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
	
[Neptune@www conf]$ firewall-cmd --add-service=smtp
success
[Neptune@www conf]$ firewall-cmd --add-service=http
success
[Neptune@www conf]$ firewall-cmd --add-service=https
success
[Neptune@www conf]$ firewall-cmd --add-service=imap
success
[Neptune@www conf]$ firewall-cmd --add-service=imaps
success
[Neptune@www conf]$ firewall-cmd --reload
success
[Neptune@www conf]$ firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: br0 eno1 enp9s0 virbr0
  sources: 
  services: dhcpv6-client ssh
  ports: 7689/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
	
[Neptune@www conf]$ sudo systemctl restart NetworkManager
[sudo] password for Neptune: 
[Neptune@www conf]$ firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: br0 eno1 enp9s0 virbr0
  sources: 
  services: dhcpv6-client ssh
  ports: 7689/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

Code:

[Neptune@www conf]$ systemctl status firewalld -l
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2021-11-09 20:36:42 PST; 55min ago
     Docs: man:firewalld(1)
 Main PID: 1432 (firewalld)
    Tasks: 2
   CGroup: /system.slice/firewalld.service
           └─1432 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

Nov 09 20:36:42 www.orcacomputers.com systemd[1]: Starting firewalld - dynamic firewall daemon...
Nov 09 20:36:42 www.orcacomputers.com systemd[1]: Started firewalld - dynamic firewall daemon.
Nov 09 20:36:42 www.orcacomputers.com firewalld[1432]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now.
Nov 09 21:20:38 www.orcacomputers.com firewalld[1432]: WARNING: ALREADY_ENABLED: 'ssh' already in 'public'
Nov 09 21:23:28 www.orcacomputers.com firewalld[1432]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now.
Last edited by jmacdougca on 2021/11/10 16:55:09, edited 1 time in total.
Start less finish more

TrevorH
Site Admin
Posts: 33215
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Services and Ports Not Saving

Post by TrevorH » 2021/11/10 06:15:20

For everything you do with firewall-cmd you have to run the same thing again with --permanent or you have to run it with --runtime-to-permanent when you've finished.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
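
The runtime/permanent split from the answer above, shown as an added example that is not part of the original thread: a script that compares a zone's runtime and permanent service and port lists and reports what a reload or reboot would drop. The function names, the ZONE variable and the "live" argument are assumptions of this example; without "live" it runs on a constructed sample that mirrors the thread's state just before `firewall-cmd --reload`.

```shell
#!/bin/sh
# Added example: report firewalld runtime/permanent drift for one zone.

# only_in "A" "B": print the words of list A that are absent from list B, sorted.
only_in() {
    b=" $(printf '%s' "$2" | tr -s '[:space:]' ' ') "
    out=""
    for item in $1; do
        case "$b" in
            *" $item "*) ;;              # present in both lists
            *) out="$out $item" ;;       # present only in A
        esac
    done
    printf '%s\n' $out | sort | tr '\n' ' ' | sed 's/ *$//'
}

# drift_report LABEL RUNTIME_LIST PERMANENT_LIST
drift_report() {
    lost=$(only_in "$2" "$3")      # active now, not saved
    pending=$(only_in "$3" "$2")   # saved, not active yet
    if [ -n "$lost" ]; then
        echo "$1 runtime-only (lost on --reload or reboot): $lost"
    fi
    if [ -n "$pending" ]; then
        echo "$1 permanent-only (inactive until --reload): $pending"
    fi
    if [ -z "$lost$pending" ]; then
        echo "$1 in sync"
    fi
}

zone=${ZONE:-public}
if [ "${1:-}" = "live" ]; then
    # Query the running daemon and the saved configuration.
    rt_services=$(firewall-cmd --zone="$zone" --list-services)
    pm_services=$(firewall-cmd --permanent --zone="$zone" --list-services)
    rt_ports=$(firewall-cmd --zone="$zone" --list-ports)
    pm_ports=$(firewall-cmd --permanent --zone="$zone" --list-ports)
else
    # Constructed sample: after the --add-service calls, before --reload.
    rt_services="dhcpv6-client ssh smtp http https imap imaps"
    pm_services="dhcpv6-client ssh"
    rt_ports="7689/tcp"
    pm_ports="7689/tcp"
fi

drift_report services "$rt_services" "$pm_services"
drift_report ports "$rt_ports" "$pm_ports"
```

If the runtime-only entries are intended, `firewall-cmd --runtime-to-permanent` saves them; if they are not, `firewall-cmd --reload` discards them, which is what happened in the session above.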

jmacdougca
Posts: 103
Joined: 2017/12/09 00:49:14
Location: West Vancouver, BC

Re: [SOLVED] - Services and Ports Not Saving - Firewalld

Post by jmacdougca » 2021/11/10 16:55:35

Thanks, brain fog, :geek:
Start less finish more
