Product SiteDocumentation Site

3.8.13.5.10. Add a Service to a Zone by Editing XML files
To view the default zone files, enter the following command as root:
~]# ls /usr/lib/firewalld/zones/
block.xml  drop.xml      home.xml      public.xml   work.xml
dmz.xml    external.xml  internal.xml  trusted.xml
These files must not be edited. They are used by default if no equivalent file exists in the /etc/firewalld/zones/ directory.
To view the zone files that have been changed from the default, enter the following command as root:
~]# ls /etc/firewalld/zones/
external.xml  public.xml  public.xml.old
In the example shown above, the work zone file does not exist. To add the work zone file, enter the following command as root:
~]# cp /usr/lib/firewalld/zones/work.xml /etc/firewalld/zones/
You can now edit the file in the /etc/firewalld/zones/ directory. If you delete the file, firewalld will fall back to using the default file in /usr/lib/firewalld/zones/.
To add a service to a zone, for example to allow SMTP to the work zone, use an editor with root privileges to edit the /etc/firewalld/zones/work.xml file to include the following line:
<service name="smtp"/>