3.7.6. Understanding Predefined Services
A service can be a list of local ports and destinations as well as a list of firewall helper modules automatically loaded if a service is enabled. The use of predefined services makes it easier for the user to enable and disable access to a service. Using the predefined services, or custom defined services, as opposed to opening ports or ranges of ports may make administration easier. Service configuration options and generic file information are described in the firewalld.service(5) man page. The services are specified by means of individual XML configuration files which are named in the following format: service-name.xml.
To view the list of services using the graphical firewall-config tool, press the super key and start typing firewall. The firewall icon will appear. Press enter once it is highlighted. The firewall-config tool appears. You will be prompted for your user password.
You can now view the list of services under the Services tab.
To list the default predefined services available using the command line, issue the following command as root:
~]# ls /usr/lib/firewalld/services/
Files in /usr/lib/firewalld/services/ must not be edited. Only the files in /etc/firewalld/services/ should be edited.
To list the system or user created services, issue the following command as root:
~]# ls /etc/firewalld/services/
Services can be added and removed using the graphical firewall-config tool and by editing the XML files in /etc/firewalld/services/. If a service has not been added or changed by the user, then no corresponding XML file will be found in /etc/firewalld/services/. The files in /usr/lib/firewalld/services/ can be used as templates if you wish to add or change a service. As root, issue a command in the following format:
~]# cp /usr/lib/firewalld/services/[service].xml /etc/firewalld/services/[service].xml
You may then edit the newly created file.
firewalld will prefer files in /etc/firewalld/services/ but will fall back to /usr/lib/firewalld/services/ should a file be deleted, but only after a reload.
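Because a file in /etc/firewalld/services/ silently takes precedence over the shipped definition of the same name, it is worth reviewing which services are overridden and which ports the override adds. The following script is an added example, not part of the original guide. It assumes service files declare ports as <port port="..." protocol="..."/> elements, as described in firewalld.service(5); the function names are hypothetical.

```python
"""Audit firewalld service overrides (added example, not from the original guide)."""
import os
import xml.etree.ElementTree as ET

SHIPPED_DIR = "/usr/lib/firewalld/services"  # predefined services, must not be edited
LOCAL_DIR = "/etc/firewalld/services"        # system or user created services


def read_ports(path):
    """Return the set of (port, protocol) pairs declared in one service file."""
    root = ET.parse(path).getroot()
    return {(p.get("port", ""), p.get("protocol", "")) for p in root.findall("port")}


def service_names(directory):
    """Service names (file name without .xml) found in a directory, if it exists."""
    if not os.path.isdir(directory):
        return set()
    return {f[:-4] for f in os.listdir(directory) if f.endswith(".xml")}


def audit_services(shipped_dir=SHIPPED_DIR, local_dir=LOCAL_DIR):
    """Map service name -> (origin, effective ports, ports added over the default)."""
    shipped, local = service_names(shipped_dir), service_names(local_dir)
    report = {}
    for name in sorted(shipped | local):
        shipped_file = os.path.join(shipped_dir, name + ".xml")
        if name in local:
            # firewalld prefers the file in /etc/firewalld/services/
            ports = read_ports(os.path.join(local_dir, name + ".xml"))
            if name in shipped:
                report[name] = ("override", ports, ports - read_ports(shipped_file))
            else:
                report[name] = ("custom", ports, ports)
        else:
            report[name] = ("default", read_ports(shipped_file), set())
    return report


if __name__ == "__main__":
    # Print only services whose effective definition comes from the local directory.
    for name, (origin, ports, added) in audit_services().items():
        if origin != "default":
            print(name, origin, "ports:", sorted(ports), "added:", sorted(added))
```

The report reflects the files on disk; firewalld itself only picks up added, changed or deleted service files after a reload.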