firewalld: if I change the ssh service port, is it enough to allow the new port number, or should I add a new service?


Solution 1

I assume the port 22 is hardcoded in the ssh service definition for firewalld

On my CentOS/Fedora systems the default service definitions are stored in xml files in /usr/lib/firewalld/services. The filename is the name of the service. These are overridden by the system config stored in /etc/firewalld/services.

To change the ssh port you could copy /usr/lib/firewalld/services/ssh.xml to /etc/firewalld/services/ssh.xml and modify it for your purpose.

You then need to reload the configuration:

firewall-cmd --reload

Now your system should be allowing ssh connections on your new port.

I would certainly use a service name over a port number as that makes it a bit clearer what's going on. Whether creating a new service or overriding an existing one is better I wouldn't like to say. It's not exactly hard to figure out what's going on.

Solution 2

I had this problem w/ SSH after changing the port in CentOS 7. The issue is with SElinux - you need to add a context for the new port or, if you don't use SElinux, disable it. Also, you don't need to add a new service - just whitelisting the new port will do.
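The override procedure from Solution 1 and the plain port whitelist plus SELinux label from Solution 2, as an added shell example that is not part of either answer. The file paths are the ones named above; port 2222 is a constructed sample value, and the stock ssh.xml content is a constructed stand-in written to a temp directory so the script runs without root and never touches /etc/firewalld. The `firewall-cmd` and `semanage` invocations are shown as comments because they need root and a live firewalld/SELinux.

```shell
#!/bin/sh
# Added example (not from the original answers): override firewalld's ssh
# service definition with a custom port (Solution 1), and show the two
# alternatives from Solution 2 (whitelist the port; label it for SELinux).
# Paths and the port 2222 are assumptions / constructed sample values.

# write_ssh_override SRC DST PORT
#   Copies the service definition SRC to DST, replacing the tcp port
#   attribute with PORT. Rejects non-numeric or out-of-range ports so a
#   typo cannot silently open the wrong port.
write_ssh_override() {
    src=$1; dst=$2; port=$3
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    sed -e "s|<port protocol=\"tcp\" port=\"[0-9]*\"/>|<port protocol=\"tcp\" port=\"$port\"/>|" "$src" > "$dst"
}

# ssh_override_port FILE
#   Prints the tcp port declared in a firewalld service xml (for checking
#   the result before reloading).
ssh_override_port() {
    sed -n 's|.*<port protocol="tcp" port="\([0-9]*\)"/>.*|\1|p' "$1"
}

# Demo on a constructed copy of the stock definition in a temp dir;
# prints the port found in the override file (expected: 2222).
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/ssh.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <description>Constructed stand-in for the stock /usr/lib/firewalld/services/ssh.xml</description>
  <port protocol="tcp" port="22"/>
</service>
EOF
    write_ssh_override "$tmp/ssh.xml" "$tmp/ssh-override.xml" 2222
    ssh_override_port "$tmp/ssh-override.xml"
    rm -rf "$tmp"
}

# Real procedure on a CentOS/Fedora host (needs root; left as comments):
#   write_ssh_override /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/ssh.xml 2222
#   firewall-cmd --reload
# Alternative from Solution 2, whitelist the port instead of editing the service:
#   firewall-cmd --permanent --add-port=2222/tcp && firewall-cmd --reload
# With SELinux enforcing, sshd also needs the new port labelled, otherwise
# it refuses to bind even though firewalld lets the traffic through:
#   semanage port -a -t ssh_port_t -p tcp 2222

demo
```

The override file keeps the service name `ssh`, so `firewall-cmd --list-services` still reads naturally; the whitelist route shows up under `--list-ports` instead. Either way, confirm the sshd side (port in sshd_config, SELinux label) before closing the old port, or you lock yourself out.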


Author: giorgio79 (updated on September 18, 2022)

Comments

  • giorgio79, over 1 year ago:

    I changed the ssh port to an arbitrary number, and noticed firewalld no longer allowed ssh login. I assume the port 22 is hardcoded in the ssh service definition for firewalld. Is it enough if I allow the new port for TCP traffic, or should I define a new service for the custom ssh port?

  • user9517, over 8 years ago:
    This doesn't answer the question,
  • Mugurel, over 8 years ago:
    I edited my answer :)