If you don’t use port 22 for SSH, then you need to add another port. The ssh service only recognises port 22. So if you changed this, you need to create your own custom service, or add the port to the rule.
firewall-cmd --add-port=10022/tcp --permanent
firewall-cmd --reload
assuming port 10022 is your new ssh port. Or create a custom service:
[root@rocky8 ~]# firewall-cmd --new-service=ssh-10022 --permanent
success
[root@rocky8 ~]# firewall-cmd --service=ssh-10022 --add-port=10022/tcp --permanent
success
[root@rocky8 ~]# firewall-cmd --info-service ssh-10022 --permanent
ssh-10022
  ports: 10022/tcp
  protocols:
  source-ports:
  modules:
  destination:
  includes:
  helpers:
[root@rocky8 ~]# firewall-cmd --zone=public --add-service=ssh-10022 --permanent
success
[root@rocky8 ~]# firewall-cmd --reload
success
And then, after adding the custom service:
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0
  sources:
  services: cockpit dhcpv6-client http https ssh ssh-10022
A custom service is nice; it makes it really clear. Ad hoc, it can be done just by adding a port to the zone, and then it looks like this:
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0
  sources:
  services: cockpit dhcpv6-client http https ssh
  ports: 10022/tcp
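
A way to confirm that the SSH port really is allowed by the zone, whichever of the two approaches above was used. This is an added example, not part of the original post: the function names are hypothetical, and the sample listings are constructed, abbreviated from the output shown above plus the stock ssh service's 22/tcp.

```sh
#!/bin/sh
# Added example (hypothetical helper names): is PORT/PROTO allowed in a
# firewalld zone, directly via "ports:" or through a listed service?
# Exact matches only; port ranges such as 10000-10100/tcp are not expanded.

# Constructed sample input, abbreviated from the listings in the post.
ZONE_WITH_SERVICE='public (active)
  interfaces: enp1s0
  services: cockpit dhcpv6-client http https ssh ssh-10022'
ZONE_WITH_PORT='public (active)
  interfaces: enp1s0
  services: cockpit dhcpv6-client http https ssh
  ports: 10022/tcp'
# Concatenated `firewall-cmd --info-service NAME` output (abbreviated).
SERVICE_INFO='ssh
  ports: 22/tcp
ssh-10022
  ports: 10022/tcp
  source-ports:'

# values_of KEY TEXT: print the values on the first "KEY:" line of TEXT.
values_of() {
  printf '%s\n' "$2" | awk -v k="$1:" '$1 == k { $1 = ""; print; exit }'
}

# service_ports NAME INFO: print the ports of service NAME found in INFO.
service_ports() {
  printf '%s\n' "$2" | awk -v n="$1" '
    /^[^ ]/ { cur = $1 }   # an unindented line starts a new service
    cur == n && $1 == "ports:" { $1 = ""; print; exit }'
}

# port_allowed PORT/PROTO ZONE_LISTING SERVICE_INFO
# Prints "port", "service:NAME" or "blocked"; returns 1 when blocked.
port_allowed() {
  for p in $(values_of ports "$2"); do
    if [ "$p" = "$1" ]; then echo "port"; return 0; fi
  done
  for s in $(values_of services "$2"); do
    for p in $(service_ports "$s" "$3"); do
      if [ "$p" = "$1" ]; then echo "service:$s"; return 0; fi
    done
  done
  echo "blocked"; return 1
}

port_allowed 10022/tcp "$ZONE_WITH_SERVICE" "$SERVICE_INFO"  # service:ssh-10022
port_allowed 10022/tcp "$ZONE_WITH_PORT" "$SERVICE_INFO"     # port
```

On a live system, pass the output of `firewall-cmd --zone=public --list-all` as the zone listing and the output of `firewall-cmd --info-service` for each listed service as the service info, and keep the current SSH session open until the check prints something other than `blocked`.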