Opening a port with firewalld doesn't seem to work

Question

I have configured sshd to live on a different port. I have opened that port using firewalld:

$ sudo firewall-cmd --zone=public --add-port=22000/tcp --permanent

Listing rules shows port 22000 is open:

$ sudo firewall-cmd --permanent --zone=public --list-all
public (default)
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports: 22000/tcp 
  masquerade: no
  forward-ports: 
  icmp-blocks:
  rich rules:

However I cannot log in from a remote host to port 22000. If I use iptables, it works:

$ sudo iptables -I INPUT -p tcp --dport 22000 -j ACCEPT

I can now log in. But how can I open the port with Firewalld?

Edit: As requested:

 $ sudo firewall-cmd --get-default-zone
 public

And:

 $ firewall-cmd --get-active-zones
 public
  interfaces: eth0 eth1

score 9 · Accepted Answer · edited Jun 26 '17 at 13:38

See the firewalld docs:

The permanent option --permanent can be used to set options permanently. These changes are not effective immediately, only after service restart/reload or system reboot. Without the --permanent option, a change will only be part of the runtime configuration.

When using --permanent option, you should reload configuration by firewall-cmd --reload
This is because --permanent option writes changes to saved configuration, not into running config.

Opening a port with firewalld doesn't seem to work

1 Answers1