As stated in the first comment, firewall-cmd can be used to add rules to the configuration.

The firewallctl command can be used as well. Run the following commands as root (prefix them with sudo).

    $ firewallctl info zones -a

This will show you the active zones with the services enabled in them. You want to enable the dns service in your active zone. My output is this:

    FedoraWorkstation (active)
      target: default
      icmp-block-inversion: no
      interfaces: ens3
      sources:
      services: ssh dhcpv6-client samba-client dns
      ports: 1025-65535/udp 1025-65535/tcp
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:

Now you know the name of your default zone. It should be one of FedoraWorkstation or FedoraServer by default. My zone is FedoraWorkstation, so add the dns service.

    $ firewallctl zone FedoraWorkstation add service dns


Now try to query your server from the outside. It should give you REFUSED answers from dig.

    $ dig @yourip localhost. A

If it does work, let's save the firewall configuration to permanent storage.

    $ firewallctl runtime-to-permanent


Now it should be started again with that service enabled all the time.
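
The same procedure with firewall-cmd, as an added example that is not part of the original answer. It parses a zone listing to show that the wide 1025-65535 port range does not cover DNS on port 53, then adds the service only when it is missing. The function names are hypothetical and the sample listing is constructed from the output above.

```shell
#!/bin/sh
# Constructed sample: a zone listing before the dns service was added.
SAMPLE_ZONE_INFO='FedoraWorkstation (active)
  target: default
  interfaces: ens3
  services: ssh dhcpv6-client samba-client
  ports: 1025-65535/udp 1025-65535/tcp'

# zone_has_service SERVICE: reads a zone listing on stdin,
# exits 0 if SERVICE is on the "services:" line.
zone_has_service() {
    awk -v svc="$1" '
        $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == svc) found = 1 }
        END { exit !found }'
}

# port_in_zone PORT PROTO: reads a zone listing on stdin,
# exits 0 if an entry on the "ports:" line covers PORT/PROTO.
port_in_zone() {
    awk -v port="$1" -v proto="$2" '
        $1 == "ports:" {
            for (i = 2; i <= NF; i++) {
                split($i, pp, "/")
                if (pp[2] != proto) continue
                n = split(pp[1], r, "-")
                lo = r[1] + 0
                hi = (n > 1 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) ok = 1
            }
        }
        END { exit !ok }'
}

# enable_dns ZONE: add the dns service to the runtime configuration
# only if the zone does not already list it (hypothetical helper; run as root).
enable_dns() {
    if firewall-cmd --info-zone="$1" | zone_has_service dns; then
        return 0
    fi
    firewall-cmd --zone="$1" --add-service=dns
}

# persist_runtime: copy the runtime configuration to permanent storage.
persist_runtime() {
    firewall-cmd --runtime-to-permanent
}
```

Call `enable_dns FedoraWorkstation`, confirm with dig from another host, and only then call `persist_runtime`, so that a wrong rule does not survive a reload.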