Why does opening ports not work?

I want to make a Factorio server, which requires an open UDP port (at 34197). I am trying to use firewalld to achieve this. I did not change any settings aside from the commands in this post.

To open the port I ran this:

[root@scardex ~]# firewall-cmd --add-port=34197/udp --permanent
success

To test I ran the following:

[root@scardex ~]# netstat -lntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2019          0.0.0.0:*               LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN

[root@scardex ~]# nc -vz -u localhost 34197
Ncat: Version 7.91 ( https://nmap.org/ncat )
Ncat: Connected to ::1:34197.
Ncat: Connection refused.

Running the firewalld command list-ports returns an empty line:

[root@scardex ~]# firewall-cmd --list-ports


Running the initial command again, I get this:

[root@scardex ~]# firewall-cmd --add-port=34197/udp --permanent
Warning: ALREADY_ENABLED: 34197:udp
success

What is going on here? Why can’t I open my port?

‘--permanent’ rules are not added until the service is reloaded. Try running ‘firewall-cmd --reload’.

You must reload the firewall when adding a rule with permanent:

firewall-cmd --reload
1 Like

firewall-cmd can modify both the active config and the config stored in files.
firewalld creates the active config from the files on boot.

firewall-cmd commands that have the option ‘--permanent’ write to files.

firewall-cmd --reload

You do show that nothing listens on 34197/udp. nc would give “Connection refused” even when the firewall does not block anything.

PS. ‘ss’ is a more modern ‘netstat’. Use ss -ulnp for programs that listen on some UDP ports.

1 Like
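
The checks from the replies above, combined into one script as an added example (not written by anyone in this thread): it tells apart a rule that exists only in the permanent config from a port that is open in the firewall but has no program bound to it. The helper names `has_port`, `has_listener` and `diagnose` are hypothetical; it matches exact `port/proto` entries only and assumes `ss -H -uln` output for the listener check.

```bash
#!/usr/bin/env bash
# Added example: helper names are hypothetical, not firewalld tooling.

# has_port LIST ENTRY: true if LIST (output of --list-ports) contains ENTRY exactly.
# Port ranges (5000-5010/tcp) and ports opened via services are not handled.
has_port() {
    local entry
    for entry in $1; do
        [ "$entry" = "$2" ] && return 0
    done
    return 1
}

# has_listener SS_OUTPUT PORT: true if a socket in `ss -H -uln` output is bound to PORT.
has_listener() {
    printf '%s\n' "$1" | grep -Eq ":$2([[:space:]]|\$)"
}

# diagnose RUNTIME PERMANENT SS_OUTPUT PORT PROTO: print one status line.
diagnose() {
    local runtime="$1" permanent="$2" ss_out="$3" port="$4" proto="$5"
    if ! has_port "$runtime" "$port/$proto"; then
        if has_port "$permanent" "$port/$proto"; then
            echo "permanent-only: saved to files but not active, run 'firewall-cmd --reload'"
        else
            echo "closed: $port/$proto is in neither the runtime nor the permanent config"
        fi
    elif ! has_listener "$ss_out" "$port"; then
        echo "open-no-listener: firewall allows $port/$proto but no program is bound to it"
    else
        echo "ok: $port/$proto is open and a program is listening"
    fi
}

# Constructed inputs mirroring the thread: empty runtime list, permanent rule present,
# no UDP listener. The second call is the state after 'firewall-cmd --reload'.
diagnose "" "34197/udp" "" 34197 udp
diagnose "34197/udp" "34197/udp" "" 34197 udp

# Live check on a host that has firewalld (run as root, as in the thread).
if command -v firewall-cmd >/dev/null 2>&1; then
    diagnose "$(firewall-cmd --list-ports)" "$(firewall-cmd --permanent --list-ports)" \
             "$(ss -H -uln)" 34197 udp
fi
```

The second status explains why nc still reports "Connection refused" after the reload until the game server itself is started.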

Yay! This solution worked!

1 Like