Affected versions: Oracle Linux 10

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Opened ports disappear after firewalld reload or reboot, breaking service reachability.

Environment & Reproduction

Commands were applied to runtime configuration only.

firewall-cmd --list-all
firewall-cmd --permanent --list-all

Root Cause Analysis

Rules were added without --permanent or to the wrong zone.

Quick Triage

Compare runtime and permanent policy sets.

firewall-cmd --get-active-zones
firewall-cmd --zone=public --list-ports

Step-by-Step Diagnosis

Find drift between active interface zone and configured permanent rules.

nmcli -f GENERAL.CONNECTION,IP4.ADDRESS device show
firewall-cmd --check-config
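
A read-only way to run the runtime-versus-permanent comparison from Quick Triage across every active zone, as an added example that is not part of the original page. The function names (drift, zone_names, check_zone) and the sample port lists are constructed for illustration; only ports and services are compared, not rich rules.

```sh
#!/bin/sh
# Added example: report drift between firewalld runtime and permanent policy.
# Read-only: it never writes to either configuration.

# drift RUNTIME_LIST PERMANENT_LIST
# Each argument is a whitespace-separated list as printed by
# `firewall-cmd --list-ports` or `--list-services`.
# "runtime-only" entries vanish on reload/reboot; "permanent-only"
# entries are saved but not active until the next reload.
drift() {
    _rt=$(printf '%s' "$1" | tr -s '[:space:]' ' ')
    _pm=$(printf '%s' "$2" | tr -s '[:space:]' ' ')
    for _i in $_rt; do
        case " $_pm " in *" $_i "*) ;; *) echo "runtime-only: $_i" ;; esac
    done
    for _i in $_pm; do
        case " $_rt " in *" $_i "*) ;; *) echo "permanent-only: $_i" ;; esac
    done
}

# zone_names: read `firewall-cmd --get-active-zones` output on stdin and
# print only the zone names (non-indented lines, first word).
zone_names() { awk '/^[^ \t]/ { print $1 }'; }

# check_zone ZONE: compare runtime and permanent ports and services.
check_zone() {
    for what in ports services; do
        drift "$(firewall-cmd --zone="$1" --list-$what)" \
              "$(firewall-cmd --permanent --zone="$1" --list-$what)" |
            sed "s|^|$1 $what |"
    done
}

if [ "${1:-}" = "--live" ]; then
    # Run as root on the affected host.
    for z in $(firewall-cmd --get-active-zones | zone_names); do
        check_zone "$z"
    done
else
    # Constructed sample: 8443/tcp was opened without --permanent.
    drift "8443/tcp 9090/tcp" "9090/tcp"
fi
```

Run it with --live on the host itself; any runtime-only line is a rule that will be lost at the next reload or reboot.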

Solution – Primary Fix

Write required rules permanently and reload firewalld.

firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-port=8443/tcp
firewall-cmd --reload

Solution – Alternative Approaches

Use rich rules for source-specific access controls.

firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=10.10.0.0/16 port port=22 protocol=tcp accept'

Verification & Acceptance Criteria

Rules persist after reload and reboot.

firewall-cmd --reload
firewall-cmd --list-all
reboot
firewall-cmd --list-all   # run again once the host is back up

Rollback Plan

Remove newly added permanent rules if access policy was over-permissive.

firewall-cmd --permanent --zone=public --remove-port=8443/tcp
firewall-cmd --reload

Prevention & Hardening

Manage firewall state with infrastructure-as-code and zone ownership standards.

systemctl enable --now firewalld
firewall-cmd --state

Related Errors & Cross-Refs

Connection refused after reload, dropped packets in default zone.

References & Further Reading

firewalld zones, rich rules, and permanent/runtime behavior.