The correct answer is C. firewall-cmd --add-service=http --permanent because it ensures that the firewall rule allowing HTTP traffic remains in effect even after a system reboot. In Linux systems using firewalld, rules can be applied in two modes: runtime and permanent.
By default, when a rule is added using firewall-cmd --add-service=http (Option D), it is applied only to the runtime configuration. This means the rule will allow HTTP traffic immediately, but it will be lost once the system is restarted or the firewall service is reloaded.
The --permanent flag ensures that the rule is written to the persistent configuration files, so it survives reboots. After adding a permanent rule, administrators typically run firewall-cmd --reload to apply the changes to the runtime environment as well.
Option A is incorrect because while it reloads the firewall, it does not specify the rule as permanent, so the configuration will not persist after reboot.
Option B is incorrect because --add-port=http is not valid syntax (ports must be specified numerically, e.g., 80/tcp), and --complete-reload is not appropriate here.
Option D is incorrect because it only applies the rule temporarily (runtime only).
From a Linux+ security perspective, managing firewall rules persistently is essential for maintaining secure and consistent network access. Using the --permanent option ensures services like HTTP remain accessible across system restarts while still being controlled by firewall policies.
