Not a remake, but more a move to using firewalld as default (there are alternatives available).
The new layout confuses me in how I can open ports for the firewall. Previously I clicked on Allowed Services, Advanced, and was able to add a TCP port there… now however there seems to be a new design based on zones.
Yes, firewalld provides broad categories called zones (each configured to provide a level of trust). For most of us using one (or two) interfaces, it makes sense to stay with the defaults, each configured to allow specific services. The zones can be configured as you see fit.
The issue is that I don’t know which zone I should open a port in: My device appears in a zone called “default”, but that’s not an actual zone available in the drop-down list, thus it doesn’t tell me when a rule actually gets used or not.
The connected network interface is likely in the public zone. You can confirm that with
firewall-cmd --get-default-zone
If using multiple interfaces and zones you can also do
firewall-cmd --get-active-zones
More comprehensive information can be got using
firewall-cmd --list-all
Also how do I separate those ports in the field (with spaces, commas, etc)? Thanks for the clarification.
Many of the common services can be enabled (permitted) in the GUI (firewall-config) by checking the appropriate service in the list of services. For adding ports numerically, just add one at a time, or a range, e.g. ‘3000-4000’.
The CLI command to allow port 5000 TCP would be
sudo firewall-cmd --zone=public --add-port=5000/tcp
Hope that helps.
More info
https://firewalld.org/documentation/
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7
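Added example, not part of the original posts: a POSIX shell sketch that resolves which zone an interface is actually bound to from `firewall-cmd --get-active-zones` output, validates a port or range, and prints the commands to open it. It goes one step beyond the thread by also printing the `--permanent` form, since a plain `--add-port` only changes the runtime configuration. The function names, interface names and sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `firewall-cmd --get-active-zones` output (not from a real host).
SAMPLE_ACTIVE_ZONES='public
  interfaces: eth0 wlan0
home
  interfaces: eth1'

# zone_for_iface IFACE: read --get-active-zones output on stdin, print the zone
# that IFACE is bound to. Exit status is non-zero if the interface is in no active zone.
zone_for_iface() {
    awk -v want="$1" '
        /^[^ \t]/ { zone = $1; next }            # unindented line starts a zone
        $1 == "interfaces:" {
            for (i = 2; i <= NF; i++)
                if ($i == want) { print zone; found = 1; exit }
        }
        END { exit !found }
    '
}

# valid_port_spec SPEC: succeed only for PORT/proto or LOW-HIGH/proto,
# ports within 1..65535, proto one of those accepted by --add-port.
valid_port_spec() {
    case $1 in */*) ;; *) return 1 ;; esac
    proto=${1##*/}; range=${1%/*}
    case $proto in tcp|udp|sctp|dccp) ;; *) return 1 ;; esac
    lo=${range%-*}; hi=${range#*-}               # equal when no "-" is present
    case $lo$hi in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$lo" ] && [ -n "$hi" ] || return 1
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# open_port_cmds ZONE SPEC: print (do not run) the commands that open SPEC in ZONE.
open_port_cmds() {
    valid_port_spec "$2" || { echo "bad port spec: $2" >&2; return 1; }
    echo "firewall-cmd --zone=$1 --add-port=$2"              # runtime: lost on reload/reboot
    echo "firewall-cmd --permanent --zone=$1 --add-port=$2"  # saved: survives reload/reboot
    echo "firewall-cmd --zone=$1 --list-ports"               # confirm the result
}

# On a real host (run as root, eth0 is an assumed interface name):
#   zone=$(firewall-cmd --get-active-zones | zone_for_iface eth0) &&
#       open_port_cmds "$zone" 5000/tcp
```

Review the printed commands before running them; opening the port in the zone the interface is really in avoids adding rules to a zone that never applies to your traffic.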