Ssh – firewalld: if I change the ssh service port, is it enough to allow the new port number, or should I add a new service

Tags: firewalld, port, ssh

I changed the ssh port to an arbitrary number, and noticed firewalld no longer allowed ssh login. I assume the port 22 is hardcoded in the ssh service definition for firewalld.
Is it enough if I allow the new port for TCP traffic, or should I define a new service for the custom ssh port?

Best Answer

I assume the port 22 is hardcoded in the ssh service definition for firewalld

On my CentOS/Fedora systems the default service definitions are stored in XML files in /usr/lib/firewalld/services. The filename is the name of the service. These are overridden by the system config stored in /etc/firewalld/services.

To change the ssh port you could copy /usr/lib/firewalld/services/ssh.xml to /etc/firewalld/services/ssh.xml and modify it for your purpose.

You then need to reload the configuration:

firewall-cmd --reload

Now your system should be allowing ssh connections on your new port.

I would certainly use a service name over a port number as that makes it a bit clearer what's going on. Whether creating a new service or overriding an existing one is better I wouldn't like to say. It's not exactly hard to figure out what's going on.
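The copy-and-edit override described in this answer, as an added shell example that is not part of the original post. It assumes the stock definition lives at /usr/lib/firewalld/services/ssh.xml (the path named above), uses 2222 as an example port, and the SELinux remark in the comments is an assumption about CentOS/Fedora defaults, not something the answer states.

```shell
#!/bin/sh
# Build and install a firewalld override for the "ssh" service on a custom
# port, following the copy-then-edit approach from the answer above.

SERVICE_SRC=/usr/lib/firewalld/services/ssh.xml   # stock definition
SERVICE_DST=/etc/firewalld/services/ssh.xml       # override wins on reload

# Accept only an integer TCP port in 1..65535.
validate_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the override: the stock ssh.xml with port="22" swapped for the new
# port. If the stock file is absent (machine without firewalld, or a test
# run), print a minimal equivalent definition instead.
ssh_service_xml() {
    port="$1"
    validate_port "$port" || return 1
    if [ -r "$SERVICE_SRC" ]; then
        sed "s/port=\"22\"/port=\"$port\"/" "$SERVICE_SRC"
    else
        printf '%s\n' '<?xml version="1.0" encoding="utf-8"?>' \
            '<service>' \
            '  <short>SSH</short>' \
            '  <description>Secure Shell on a non-default port</description>' \
            "  <port protocol=\"tcp\" port=\"$port\"/>" \
            '</service>'
    fi
}

# Write the override and reload firewalld (run as root). Make sure sshd_config
# already listens on the port (and, on SELinux-enforcing hosts, that the port
# carries the ssh_port_t label) before dropping port 22, or you risk locking
# yourself out; keep the current session open until a new login works.
install_ssh_override() {
    port="$1"
    ssh_service_xml "$port" > "$SERVICE_DST" || return 1
    firewall-cmd --reload || return 1
    firewall-cmd --info-service=ssh    # confirm the new port is listed
}

# Example usage (as root): install_ssh_override 2222
```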
