firewall-cmd - ports vs services - how are you using it?

I like the concept so far and it seems intuitive. One thing I am struggling with is probably more of a preference thing - and now I am curious how others look at this aspect.

Coming from iptables - I feel more comfortable just dealing in terms of ports. However, I now see a lot of documentation indicating "--add-service". That seems rather productive. The part I am "missing" though: if I enable a service, shouldn't I now see the port in the --list-ports output?

Take the following example:

[root@testbox ~]# firewall-cmd --list-ports 
22/tcp
[root@testbox ~]# firewall-cmd --permanent --add-service=http
success
[root@testbox ~]# firewall-cmd --reload
success
[root@testbox ~]# firewall-cmd --list-ports 
22/tcp
[root@testbox ~]# 

Which now has me wondering: should you use either "ports" or "services" (but not both) to manage the firewall, or should they be used together?
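
Added example, not part of the original post: firewalld keeps services and raw ports in separate lists, so after "--add-service=http" the service appears under "--list-services" while "--list-ports" still shows only 22/tcp. The function below merges both lists into one view of the destination ports a zone admits; the function name and the FWCMD variable are hypothetical, and it assumes the permanent and runtime service definitions match.

```shell
#!/bin/sh
# Added example: one combined view of what a firewalld zone lets in.
# FWCMD is a hypothetical override so the function can be exercised
# against a stub; by default it calls the real firewall-cmd.
FWCMD=${FWCMD:-firewall-cmd}

# usage: effective_ports [zone]
# Prints "<port>/<proto><TAB><origin>" per line, sorted by port number.
# origin is "port" for entries added with --add-port and
# "service:<name>" for ports that come from an enabled service.
# Only destination ports are covered; protocols, source ports and
# helper modules that a service definition may carry are not expanded.
effective_ports() {
    zone_args=${1:+--zone=$1}
    {
        # Ports opened directly (what --list-ports already shows).
        for p in $($FWCMD $zone_args --list-ports); do
            printf '%s\t%s\n' "$p" "port"
        done
        # Ports opened indirectly through enabled services.
        for s in $($FWCMD $zone_args --list-services); do
            for p in $($FWCMD --permanent --service="$s" --get-ports); do
                printf '%s\t%s\n' "$p" "service:$s"
            done
        done
    } | sort -n
}
```

Source the file as root and run "effective_ports" (or "effective_ports public") to audit a zone; a port that shows up with both origins is opened twice and only needs one of the two rules.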

Responses