Opening outbound ports

I need the outbound port 443 opened to allow for MFA on my Rocky Linux 9.1 system.

I’ve tried these commands below, but nmap still shows the port is closed.

firewall-cmd --new-policy out-public --permanent
firewall-cmd --reload
firewall-cmd --policy out-public --add-egress-zone=public --permanent
firewall-cmd --policy out-public --set-target=ACCEPT --permanent
firewall-cmd --reload

Here is the output of firewall-cmd --list-all:

public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: cockpit dhcpv6-client http https ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

Here is the command I’m using to test port 443:

sudo nmap -Pn -p 443 scanme.nmap.org

I’m new to firewalld and selinux. What am I missing?

Did some more searching and this SELinux command fixed my issue:

sudo setsebool -P httpd_can_network_connect 1


Indeed.

  • The default firewall allows all outbound traffic; no need to open anything
  • The default is to allow replies in established connections, also inbound
  • The ‘nmap’ tries to talk to a process that listens on a port. The attempt is an inbound connection. Sending outbound does not require the process to listen on anything
  • SELinux can block both listening and outbound connections
  • The policy objects are about traffic routed from one zone to another. They do not handle inbound nor outbound traffic
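
The points above, put into a small triage script. This is an added example for this thread, not code posted by anyone in it: the sample `getsebool` line and the AVC audit record are constructed to match the real output formats, the verdict codes and the `--live` switch are this example's own, and the only boolean it knows about is `httpd_can_network_connect` from the thread. The parsing functions run offline on the constructed samples; `--live` reads the real system with `firewall-cmd`, `getsebool`, `ausearch` and `curl`.

```shell
#!/bin/sh
# Added example for this thread, not code posted by anyone in it.
# Triage helper for "outbound tcp/443 looks blocked" on a firewalld + SELinux
# host (e.g. Rocky Linux 9). The parsing functions work on text, so they are
# exercised here on constructed sample output; the live checks at the bottom
# (firewall-cmd, getsebool, ausearch, curl) run only when invoked with --live.

# Constructed sample of `getsebool httpd_can_network_connect` output.
SAMPLE_GETSEBOOL='httpd_can_network_connect --> off'

# Constructed sample AVC record in the layout `ausearch -m AVC` prints:
# httpd (domain httpd_t) denied an outbound TCP connect to port 443.
SAMPLE_AVC='type=AVC msg=audit(1700000000.123:456): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0'

# sebool_state "<getsebool line>"  -> prints "on" or "off"
sebool_state() {
    printf '%s\n' "$1" | awk 'NF == 3 && $2 == "-->" { print $3 }'
}

# avc_field "<avc line>" <key>  -> value of key=... (surrounding quotes removed)
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' |
        awk -F= -v k="$2" '$1 == k { gsub(/"/, "", $2); print $2; exit }'
}

# avc_permission "<avc line>"  -> the permission inside { }, e.g. name_connect
avc_permission() {
    printf '%s\n' "$1" | sed -n 's/.*{ *\([^ }]*\) *}.*/\1/p'
}

# selinux_type "<context>"  -> the type field, e.g. httpd_t from system_u:system_r:httpd_t:s0
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# is_blocked_egress "<avc line>"  -> exit 0 if SELinux actually blocked an
# outbound TCP connect (denied, name_connect on tcp_socket, not permissive)
is_blocked_egress() {
    case "$1" in *" denied "*) ;; *) return 1 ;; esac
    [ "$(avc_permission "$1")" = "name_connect" ] || return 1
    [ "$(avc_field "$1" tclass)" = "tcp_socket" ] || return 1
    [ "$(avc_field "$1" permissive)" != "1" ] || return 1
    return 0
}

# egress_verdict "<avc line>" "<getsebool line>"  -> one of (codes are this example's own)
#   NO_DENIAL   the record is not an enforced outbound-connect denial
#   SEBOOL_OFF  httpd_t was denied and httpd_can_network_connect is off
#   AVC_OTHER   some other domain or boolean; feed the record to audit2allow -w
egress_verdict() {
    if ! is_blocked_egress "$1"; then
        echo NO_DENIAL
        return 0
    fi
    src=$(selinux_type "$(avc_field "$1" scontext)")
    if [ "$src" = "httpd_t" ] && [ "$(sebool_state "$2")" = "off" ]; then
        echo SEBOOL_OFF
    else
        echo AVC_OTHER
    fi
}

# Live mode reads the real system. Hypothetical invocation:
#   sudo sh egress_triage.sh --live scanme.nmap.org 443
if [ "${1:-}" = "--live" ]; then
    host=${2:-scanme.nmap.org}
    port=${3:-443}
    echo "== firewalld policy objects (ingress/egress zones and targets)"
    for p in $(firewall-cmd --get-policies); do
        firewall-cmd --info-policy "$p"
    done
    echo "== SELinux boolean"
    getsebool httpd_can_network_connect
    echo "== enforced outbound-connect denials in the recent audit log"
    ausearch -m AVC -ts recent 2>/dev/null | while IFS= read -r rec; do
        if is_blocked_egress "$rec"; then
            printf '%s\n' "$rec"
            printf '  verdict: %s\n' "$(egress_verdict "$rec" "$(getsebool httpd_can_network_connect)")"
        fi
    done
    echo "== direct egress probe from this shell (unlike nmap, this tests our own connect)"
    curl -sS --max-time 5 -o /dev/null -w 'HTTP %{http_code}\n' "https://$host:$port/"
fi
```

The `curl` probe runs in the shell's own SELinux domain, so a success there proves the firewall path to tcp/443 but says nothing about whether `httpd_t` may connect; that is what the AVC scan covers. `httpd_can_network_connect` is a broad boolean, and for a denial from another domain `audit2allow -w` on the record names the boolean that would permit it.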

Thanks for the explanation @jlehtone. The firewalld commands make sense, but I need to read up on SELinux as that’s something I’m not familiar with.