I changed the ssh port to an arbitrary number, and noticed firewalld no longer allowed ssh login. I assume the port 22 is hardcoded in the ssh service definition for firewalld. Is it enough if I allow the new port for TCP traffic, or should I define a new service for the custom ssh port?
On my CentOS/Fedora systems the default service definitions are stored in xml files in /usr/lib/firewalld/services. The filename is the name of the service. These are overridden by the system config stored in /etc/firewalld/services.

To change the ssh port you could copy /usr/lib/firewalld/services/ssh.xml to /etc/firewalld/services/ssh.xml and modify it for your purpose. You then need to reload the configuration.

Now your system should be allowing ssh connections on your new port.
I would certainly use a service name over a port number as that makes it a bit clearer what's going on. Whether creating a new service or overriding an existing one is better I wouldn't like to say. It's not exactly hard to figure out what's going on.
I had this problem with SSH after changing the port in CentOS 7. The issue is with SELinux - you need to add a context for the new port or, if you don't use SELinux, disable it. Also, you don't need to add a new service - just whitelisting the new port will do.
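The override-service route from the first answer combined with the SELinux port label from the last one, as an added shell example that is not from any of the answers. It assumes POSIX sh, the /etc/firewalld/services path given above, and an assumed FIREWALLD_SERVICES variable so the generated file can be written to a scratch directory and inspected without touching the live system.

```shell
#!/bin/sh
# Added example: override firewalld's stock ssh service with a custom port,
# reload, and (if SELinux is in use) label the port for sshd.
# FIREWALLD_SERVICES is an assumed knob; defaults to the real override directory.
FIREWALLD_SERVICES="${FIREWALLD_SERVICES:-/etc/firewalld/services}"

# Succeed only for an integer in 1..65535 (the value lands unescaped in XML).
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Write the overriding ssh.xml (same shape as the stock definition) and print its path.
write_ssh_service() {
    port="$1"
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    mkdir -p "$FIREWALLD_SERVICES"
    cat > "$FIREWALLD_SERVICES/ssh.xml" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <description>Secure Shell (sshd) on custom port $port; overrides /usr/lib/firewalld/services/ssh.xml.</description>
  <port protocol="tcp" port="$port"/>
</service>
EOF
    echo "$FIREWALLD_SERVICES/ssh.xml"
}

# Read back the tcp port from a service file, to verify what was written.
service_port() {
    sed -n 's/.*<port protocol="tcp" port="\([0-9]*\)".*/\1/p' "$1"
}

# Full procedure on a live host (run as root): write the override, reload
# firewalld so it takes effect, then label the port so SELinux lets sshd bind it.
apply_ssh_port() {
    port="$1"
    write_ssh_service "$port" >/dev/null || return 1
    firewall-cmd --reload
    if command -v semanage >/dev/null 2>&1; then
        # -a fails if the port already carries a label; fall back to modifying it.
        semanage port -a -t ssh_port_t -p tcp "$port" 2>/dev/null \
            || semanage port -m -t ssh_port_t -p tcp "$port"
    fi
}
```

Run `FIREWALLD_SERVICES=/tmp/fwtest sh script.sh` style checks on the generated file first; only `apply_ssh_port` touches firewalld and the SELinux policy.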