If you are not familar with firewalld and the firewall-cmd, check out our Getting Started article.
The --add-service option can be used to allow connections to a certain service, such as SMTP.
firewall-cmd --add-service=smtp --permanent firewall-cmd --reload
The --remove-service option can be used to remove an allows service.
firewall-cmd --remove-service=smtp --permanent firewall-cmd --reload
Each service has an XML file located at /usr/lib/firewalld/services which contains the port and protocol being used by the service. For example, the ssh.xml file is using port 22 and the TCP protocol.
<?xml version="1.0" encoding="utf-8"?> <service> <short>SSH</short> <port protocol="tcp" port="22"/> </service>
The --list-services option can be used to display the services that are allowed in a zone.
~]# firewall-cmd --zone public --list-services smtp
Or, the --list-all option can be used.
~]# firewall-cmd --list-all public target: default icmp-block-inversion: no interfaces: eth0 sources: services: smtp ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules: