Why does firewall-cmd throw the error "ALREADY_ENABLED" but the port is not listed when calling firewall-cmd --list-ports?

Solution 1:

The command you say you ran affects the permanent configuration, not the running configuration. But you are listing the running configuration. That is why you don't see them.

You may list the permanent configuration to confirm that the rule has been added successfully.

firewall-cmd --list-all --permanent

You may add the rule to the running configuration instead:

firewall-cmd --zone=public --add-port=443/tcp

Or you may reload the running configuration from the permanent configuration:

firewall-cmd --reload

Also remember that firewalld has defined services for common ports, so it's not usually necessary to open them by number. For example, instead of opening ports 80/tcp and 443/tcp you could instead say:

firewall-cmd --zone=public --add-service=http
firewall-cmd --zone=public --add-service=https

Finally, when possible, it's better to change rules in the running configuration, verify that they are working, and then save the configuration, rather than the reverse. This allows you a way to revert if something goes wrong and you accidentally lock yourself out of the system.

You can save the running configuration to the permanent configuration by running:

firewall-cmd --runtime-to-permanent

(But some operations only work on the permanent configuration, such as creating new zones. For these you must use --permanent and then immediately --reload the firewall.)
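
The runtime/permanent split described in the answer above can be checked mechanically. The script below is an added example, not part of the original answer: it reports ports that exist in only one of the two configurations. The function names (port_drift, check_zone) and the sample port lists are constructed for illustration; the firewall-cmd options used are the standard --list-ports, --permanent and --zone.

```shell
#!/bin/sh
# Added example (not from the original answer): show which ports exist in only
# one of firewalld's two configurations, runtime vs. permanent.

# port_drift RUNTIME PERMANENT
# Each argument is a space-separated port list as printed by --list-ports.
port_drift() {
    runtime=" $(echo $1) "      # unquoted on purpose: collapse whitespace
    permanent=" $(echo $2) "
    for p in $permanent; do
        case "$runtime" in
            *" $p "*) ;;
            *) echo "$p permanent-only: not active until --reload" ;;
        esac
    done
    for p in $runtime; do
        case "$permanent" in
            *" $p "*) ;;
            *) echo "$p runtime-only: lost on reload unless saved with --runtime-to-permanent" ;;
        esac
    done
}

# check_zone ZONE: compare the live lists (needs firewalld running and root).
check_zone() {
    zone=${1:-public}
    port_drift "$(firewall-cmd --zone="$zone" --list-ports)" \
               "$(firewall-cmd --permanent --zone="$zone" --list-ports)"
}

# Constructed sample reproducing the question: 443/tcp was added with
# --permanent only, 8080/tcp was added to the running firewall only.
sample_runtime="22/tcp 8080/tcp"
sample_permanent="22/tcp 443/tcp"
port_drift "$sample_runtime" "$sample_permanent"

# On a host with firewalld, pass "live" (and optionally a zone name).
if [ "${1:-}" = "live" ]; then
    check_zone "${2:-public}"
fi
```

Empty output from the comparison means the running firewall and the saved configuration agree for that zone, so a reload or reboot will not change which ports are open.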