This module allows for addition or deletion of services and ports either tcp or udp in either running or permanent firewalld rules.


service Name of a service to add/remove to/from firewalld - service must be listed in /etc/services.
port Name of a port or port range to add/remove to/from firewalld. Must be in the form PORT/PROTOCOL or PORT-PORT/PROTOCOL for port ranges.
rich_rule Rich rule to add/remove to/from firewalld.
source The source/network you would like to add/remove to/from firewalld
zone The firewalld zone to add/remove to/from (NOTE: default zone can be configured per system but "public" is default from upstream. Available choices can be extended based on per-system configs, listed here are "out of the box" defaults).
  • work
  • dropinternalexternaltrustedhomedmzpublicblock
permanent Should this configuration be in the running firewalld configuration or persist across reboots. true
immediate Should this configuration be applied immediately, if set as permanent
state Should this port accept(enabled) or reject(disabled) connections. true
  • enabled
  • disabled
timeout The amount of time the rule should be in effect for when non-permanent.


Adam Miller (@maxamillion)