Mosh (mobile shell) is a gift from the Gods(tm). Anyone with spotty internet or wireless connection has suffered the pain of a lost SSH session. Sure, one can fire up screen (or tmux as the kids are using these days), but that's an extra step and you are still using the SSH protocol.
I'm not here to tout the benefits of Mosh, you came here to open it up in your firewall.
- Create the following file as
/etc/firewalld/services/mosh.xml firewall-cmd --reloadfirewall-cmd --add-service=mosh --permanent
If you tend to have a lot of sessions (not recommended), you can increase the ports, but the default should be fine for most applications.
Never, ever, ever modify the files in /usr/lib/firewalld/, they will be overwritten on upgrade. firewalld will look for any customization files in /etc/firewalld/ first for any services/ or zones/, so edit or create files there.