# vi /usr/lib/firewalld/services/ssh.xml
- <port protocol="tcp" port="22"/>
+ <port protocol="tcp" port="{another port}"/>
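Multiple <port .../> lines, one per port, also work. Note that files under /usr/lib/firewalld/ are the packaged defaults and can be overwritten by a package update; to make the change persistent, copy the file to /etc/firewalld/services/ssh.xml and edit that copy instead.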
# firewall-cmd --reload
# firewall-cmd --get-services
…
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
…
Only the dhcpv6-client and ssh services are allowed in this zone.
# systemctl restart firewalld
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
…skip…
Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:11122 ctstate NEW
Chain IN_public_deny (1 references)
target prot opt source destination
Chain IN_public_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
#