26.3.1.2 Controlling Access to Services

You can permit or deny access to a service by specifying its name. The following command lists the services to which access is allowed on the local system for the work zone:

# firewall-cmd --zone=work --list-services
ssh samba 

In this example, the system allows access by SSH and Samba clients.

To permit access by NFS and HTTP clients when the work zone is active, use the --add-service option:

# firewall-cmd --zone=work --add-service=http --add-service=nfs
success
# firewall-cmd --zone=work --list-services
http nfs ssh samba 

Note

If you do not specify the zone, the change is applied to the default zone, not the currently active zone.

To make rule changes persist across reboots, run the command again, additionally specifying the --permanent option:

# firewall-cmd --permanent --zone=work --add-service=http --add-service=nfs
success

To remove access to a service, use the --remove-service option, for example:

# firewall-cmd --zone=work --remove-service=samba
success
# firewall-cmd --permanent --zone=work --remove-service=samba
success
# firewall-cmd --zone=work --list-services
http nfs ssh
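
The following script is an added example, not part of the original documentation. It compares the runtime and permanent service lists for a zone to find changes that were made with only one of the two commands shown above. The function names in_list, service_drift and audit_zone are hypothetical, and the sample lists are constructed from the output shown on this page.

```shell
#!/bin/sh
# Added example: find services whose runtime and permanent state differ.
# Function names (in_list, service_drift, audit_zone) are hypothetical.

# in_list NAME LIST: succeed if NAME is a whole word in space-separated LIST.
in_list() {
    case " $2 " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# service_drift RUNTIME PERMANENT: each argument is one line of output from
# "firewall-cmd --list-services". Prints one line per mismatched service.
service_drift() {
    sd_runtime=$(echo $1)      # unquoted on purpose: collapse extra spaces
    sd_permanent=$(echo $2)
    for sd_svc in $sd_runtime; do
        in_list "$sd_svc" "$sd_permanent" || echo "runtime-only: $sd_svc"
    done
    for sd_svc in $sd_permanent; do
        in_list "$sd_svc" "$sd_runtime" || echo "permanent-only: $sd_svc"
    done
}

# audit_zone ZONE: query firewalld (needs root) and return 1 on drift.
audit_zone() {
    az_rt=$(firewall-cmd --zone="$1" --list-services) || return 2
    az_pm=$(firewall-cmd --permanent --zone="$1" --list-services) || return 2
    az_drift=$(service_drift "$az_rt" "$az_pm")
    [ -z "$az_drift" ] && return 0
    printf 'zone %s: runtime and permanent differ\n%s\n' "$1" "$az_drift"
    return 1
}

# Constructed sample: the work zone after the runtime-only --add-service
# command above, before the --permanent command has been run.
service_drift "http nfs ssh samba " "ssh samba"
# prints: runtime-only: http / runtime-only: nfs

# Against a live system: sh thisfile work
if [ "$#" -gt 0 ]; then
    audit_zone "$1"
fi
```

A runtime-only entry is lost at the next reboot. A permanent-only entry, such as samba after only the first --remove-service command above, is allowed again after a reboot.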