Linux FirewallD Rules

The task was to open port 6000 on firewalld

My Proposed Solution:

firewall-cmd --zone=public --add-rich-rule='rule family=ipv4 port port="6000" protocol=tcp accept'
firewall-cmd --zone=public --add-rich-rule='rule family=ipv4 port port="6000" protocol=tcp accept' --permanent


[root@stbkp01 ~]# firewall-cmd --zone=public --list-all
  target: default
  icmp-block-inversion: no
  services: dhcpv6-client ssh
  masquerade: no
  rich rules:
        rule family="ipv4" port port="6000" protocol="tcp" accept

However the task was marked as failed. Now, on the one hand I can see why, but it looks like you are not correctly checking that port 6000 tcp is open, but rather checking only a specific portion of firewalld config, as there are many ways to achieve this, and I beleive this is successful, though for future labs I will add port 6000/tcp to “Ports” instead of adding a rich rule, however I still beleive this should be marked as successful.

Kind Regards
Richard A. Forth

For the record, my alternative method would be

firewall-cmd --zone=public --permanent --add-port=6000/tcp
firewall-cmd --zone=public --permanent --add-port=6000/tcp --permanent

However I believe both achieve the same result, I would recommend having an app that listens on port 6000 and checking that 6000/tcp is open as that would catch both methods, or even a third method of creating a custom service to open 6000/tcp in /usr/lib/firewalld/services - all of which are valid ways to open port 6000/tcp on the firewalld setup.


Thanks for reporting this. You are right. Your answer has been marked as Success. There was a minor issue with validation which is fixed now.

Many Thanks :slight_smile: