Red Hat firewalld port add
RHEL uses firewalld to provide network firewall. firewalld has the concept of runtime vs. permanent rules, which help avoid getting the firewall into an unusable state. Permanent rules become live at next restart/reboot, while runtime rules disappear at restart/reboot.
Suppose one wishes to put the SSH server on a non-default port 12345 to mitigate auth log clutter. First configure the SSH server in /etc/ssh/sshd_config, then restart SSH and verify the SSH configuration is working by adding the port to firewalld (here, 12345):
firewall-cmd --add-port=12345/tcpIf this works, make the firewalld rule permanent:
firewall-cmd --permanent --add-port=12345/tcpSELinux will also need an updated policy to allow the SSH port change, like:
semanage port -a -t ssh_port_t -p tcp 12345