Willard's Guide to Computing for Forgetful Power Users

Troubles with `firewalld`

| 2 minute read

This weekend, I decided to pop open my blog to tweak and fix a few layout and organization things. To be able to quickly iterate, I quickly installed httpd on a development VM so that I could treat it like a real webserver and not just host it locally on my laptop.

Usually, when I do this, I use Ubuntu and Apache, which is pretty quick and simple to get running. Fedora, however, likes to be special, and use httpd. It also happens to have firewalld, which is a service I have experience with, but, I’ll admit, has been a while.

So I go to host the files, I change the configs and the ownership on the website files and everything, and I patch the firewall on the “Public” zone.

$ sudo chown -R wilnil:apache /var/www/html
$ sudo firewall-cmd --permanent --zone=public --add-service=http
$ sudo firewall-cmd --permanent --zone=public --add-service=https

And, of course, it wouldn’t be a blog post if it worked, now would it?

No, for some reason this Fedora server didn’t much care for the Public Zone, and, in fact, it wasn’t even enabled, despite having services.

$ sudo firewall-cmd --list-all-zones
  target: default
  icmp-block-inversion: no
  services: dhcpv6-client http https mdns ssh
  masquerade: no
  rich rules:

Ok, then, skippie. If you’re so smart, then what zones are active!?

$ sudo firewall-cmd --get-active-zones
  interfaces: ens18


Well, then, uh…

$ sudo firewall-cmd --permanent --zone=FedoraServer --add-service=http
$ sudo firewall-cmd --permanent --zone=FedoraServer --add-service=https


Not sure if this is some kind of security risk, but for a quick dev server, it got the job done.