The firewall-cmd tool has a neat feature in that it knows what ports are used for certain services. This is handy for things like web server ports which our tired brains may forget from time to time (hint: it’s 80 for http and 443 for https). Even without knowing those numbers, we can still open those ports from the command line like so:
firewall-cmd --add-service http --permanent firewall-cmd --add-service https --permanent systemctl restart firewalld
This will open both 80 and 443 on the firewall, and it’ll remain a permanent fixture (i.e. survive a restart). The last nice restarts the firewall, without which the changes won’t come into effect.
You can see a list of added services via
firewall-cmd --list-all
Should you ever need to remove a service again, use the –remove-service option.