- Story
- Resolution: Unresolved
- rhel-9.6
- rhel-net-firewall
Firewalld service abstractions help simplify the setup and teardown of firewall rules. Iperf is a handy network testing tool shipping with RHEL. Making it easy to enable iperf temporarily with firewalld would be handy.
Below is the upstream commit for the RFE:
https://github.com/firewalld/firewalld/commit/a21b401f6d8dd6eb65adba1878a29d63086b15e7
I backported the commit, built a test firewalld package and provided it to cu to test it. I also tested it on my local vm.
Cu confirmed it works as expected.
Below is my task id. You can download the RPMs from there if you want.
> rhpkg scratch-build --arches=x86_64 --target=rhel-9.6.0-test-pesign
Building firewalld-1.3.4-15.el9_6_0.sfdc04199583 for rhel-9.6.0-test-pesign
Created task: 68322742
Task info: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=68322742
Watching tasks (this may be safely interrupted)...
68322742 build (rhel-9.6.0-test-pesign, /git/rpms/firewalld:9e3a5fead301c58fd93d14e271fbbe439149acaa): free
Below is my testing on my local vm.
- firewall-cmd --add-service=ip
iperf2 iperf3 ipfs ipp ipp-client ipsec
- firewall-cmd --add-service=iperf3
success
- firewall-cmd --add-service=iperf2
success
- firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0
  sources:
  services: cockpit dhcpv6-client https iperf2 iperf3 samba ssh
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
I can see the port numbers 5201 and 5001 in the below output of rules.
chain filter_IN_public_allow {
    tcp dport 22 accept
    ip6 daddr fe80::/64 udp dport 546 accept
    tcp dport 9090 accept
    tcp dport 443 accept
    udp dport 137 ct helper set "helper-netbios-ns-udp"
    udp dport 137 accept
    udp dport 138 accept
    tcp dport 139 accept
    tcp dport 445 accept
    tcp dport 5201 accept
    udp dport 5201 accept
    sctp dport 5201 accept
    tcp dport 5001 accept
    udp dport 5001 accept
}
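The manual check above (reading the allow chain for 5201 and 5001) can be scripted so that both enabling and tearing down the iperf services are verified the same way. This is an added example, not part of the ticket or of firewalld; the function names are hypothetical and the sample chain is constructed from the rules shown above, with 5201 and 5001 taken as the iperf3 and iperf2 default ports.

```shell
#!/bin/sh
# Constructed sample: the allow chain from the ticket, one rule per line.
sample_chain() {
cat <<'EOF'
chain filter_IN_public_allow {
    tcp dport 22 accept
    ip6 daddr fe80::/64 udp dport 546 accept
    udp dport 137 ct helper set "helper-netbios-ns-udp"
    udp dport 137 accept
    tcp dport 5201 accept
    udp dport 5201 accept
    sctp dport 5201 accept
    tcp dport 5001 accept
    udp dport 5001 accept
}
EOF
}

# accepted_protos PORT: read an nft chain listing on stdin and print the
# sorted, space-separated protocols that have an "accept" rule for PORT.
# Rules that only set a conntrack helper (no trailing accept) are ignored.
accepted_protos() {
    awk -v port="$1" '
        $NF == "accept" {
            for (i = 2; i < NF; i++)
                if ($i == "dport" && $(i + 1) == port) print $(i - 1)
        }' | sort -u | paste -sd ' ' -
}

# check_service NAME PORT "EXPECTED": compare the protocols opened for PORT
# with the expected set; pass "" as EXPECTED to confirm teardown.
check_service() {
    got=$(accepted_protos "$2")
    if [ "$got" = "$3" ]; then
        echo "$1: ok (port $2: ${got:-closed})"
        return 0
    fi
    echo "$1: MISMATCH on port $2: expected '$3', got '$got'" >&2
    return 1
}

# Expected sets match the rules shown in the ticket output.
sample_chain | check_service iperf3 5201 "sctp tcp udp"
sample_chain | check_service iperf2 5001 "tcp udp"
```

On a live host the same functions can read `nft list chain inet firewalld filter_IN_public_allow` instead of the sample; after `firewall-cmd --remove-service=iperf3`, running `check_service iperf3 5201 ""` confirms the port is closed again.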