diff --git a/ChangeLog b/ChangeLog
index e9660e37..0b2703fe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -24054,3 +24054,5 @@
 2023-04-29 Fred Gleason <fredg@paravelsystems.com>
 	* Fixed a bug where a pending hard start with a non-zero grace time
 	was not cleared properly during a log chain event.
+2023-05-21 Fred Gleason <fredg@paravelsystems.com>
+	* Added a 'rivendell' service for firewalld(1).
diff --git a/conf/Makefile.am b/conf/Makefile.am
index f64bbd7c..54d01369 100644
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@@ -1,6 +1,6 @@
 ## Makefile.am
 ##
-## (C) Copyright 2002-2022 Fred Gleason <fredg@paravelsystems.com>
+## (C) Copyright 2002-2023 Fred Gleason <fredg@paravelsystems.com>
 ##
 ##   This program is free software; you can redistribute it and/or modify
 ##   it under the terms of the GNU General Public License version 2 as
@@ -23,18 +23,25 @@ install-exec-am:
 	cp rd-bin.conf $(DESTDIR)/$(sysconfdir)/
 	mkdir -p $(DESTDIR)/etc/pam.d
 	cp @RIVENDELL_PAM_FILE@ $(DESTDIR)/etc/pam.d/rivendell
+	mkdir -p $(DESTDIR)/usr/lib/firewalld/services
+	cp rivendell-firewalld.xml $(DESTDIR)/usr/lib/firewalld/services/rivendell.xml
+	./firewalld.sh reload
 
 uninstall:	
 	rm -f $(DESTDIR)/$(sysconfdir)/rd-bin.conf
 	rm -f $(DESTDIR)/etc/pam.d/rivendell
+	rm -f $(DESTDIR)/usr/lib/firewalld/services/rivendell.xml
+	./firewalld.sh reload
 
 EXTRA_DIST = asound.conf-sample\
+             firewalld.sh\
              logrotate-sample\
              rd-bin.conf.in\
              rd.conf-sample\
              rivendell-rhel.pam\
              rivendell-ubuntu.pam\
              rivendell-env.sh\
+             rivendell-firewalld.xml\
              rivendell-webapi.conf\
              syslog.conf-sample
 
diff --git a/conf/firewalld.sh b/conf/firewalld.sh
new file mode 100755
index 00000000..437a4252
--- /dev/null
+++ b/conf/firewalld.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# firewalld.sh
+#
+#  Control firewalld
+#
+# (C) Copyright 2023 Fred Gleason <fredg@paravelsystems.com>
+#
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License version 2 as
+#   published by the Free Software Foundation.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free Software
+#   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+
+OPERATION=$1
+
+if test $UID -eq 0 ; then
+    if test -z $FAKEROOTKEY ; then
+	if test $OPERATION = "reload" ; then
+	    /bin/systemctl reload firewalld
+	fi
+	if test $OPERATION = "add" ; then
+	    /bin/firewall-cmd --zone=public --add-service=rivendell --permanent
+	    /bin/firewall-cmd --zone=work --add-service=rivendell --permanent
+	    /bin/firewall-cmd --zone=home --add-service=rivendell --permanent
+	fi
+	if test $OPERATION = "remove" ; then
+	    /bin/firewall-cmd --zone=public --remove-service=rivendell --permanent
+	    /bin/firewall-cmd --zone=work --remove-service=rivendell --permanent
+	    /bin/firewall-cmd --zone=home --remove-service=rivendell --permanent
+	fi
+    fi
+fi
diff --git a/conf/rd.conf-sample b/conf/rd.conf-sample
index f179c2e7..4782f7f3 100644
--- a/conf/rd.conf-sample
+++ b/conf/rd.conf-sample
@@ -199,6 +199,11 @@ TranscodingDelay=0
 ; meters. You should only change this if you have another service
 ; using UDP Port numbers in the range MeterPortBaseNumber to
 ; (MeterPortBaseNumber + MeterPortRange) (extremely rare).
+;
+; N.B. If you change either of these meter port settings, be sure to update
+;      the firewalld(8) settings in '/usr/lib/firewalld/services/rivendell.xml'
+;      as well.
+;
 ; MeterPortBaseNumber=30000
 
 ; Maximum number of UDP Ports to consider for VU meters. You may need
diff --git a/conf/rivendell-firewalld.xml b/conf/rivendell-firewalld.xml
new file mode 100644
index 00000000..d4da5dae
--- /dev/null
+++ b/conf/rivendell-firewalld.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>Rivendell Radio Automation System</short>
+  <description>System for automating the capture, management and play-out of audio content.</description>
+  <port protocol="udp" port="2055"/>        <!-- Livewire GPIO Send -->
+  <port protocol="udp" port="2060"/>        <!-- Livewire GPIO Receive -->
+  <port protocol="udp" port="4001"/>        <!-- Livewire Adverts -->
+  <port protocol="tcp" port="5005"/>        <!-- IPC [caed(8)] -->
+  <port protocol="tcp" port="5006"/>        <!-- IPC [ripcd(8)] -->
+  <port protocol="udp" port="5858-5860"/>   <!-- RML [ripcd(8)] -->
+  <port protocol="udp" port="20539"/>       <!-- Mcast Notify [ripcd(8)] -->
+  <port protocol="udp" port="30000-30100"/> <!-- Meters [caed(8)] -->
+  <port protocol="tcp" port="34289"/>       <!-- PAD [ripcd(8)] -->
+</service>
diff --git a/rivendell.spec.in b/rivendell.spec.in
index e09b1da2..42df07b7 100644
--- a/rivendell.spec.in
+++ b/rivendell.spec.in
@@ -274,6 +274,7 @@ if test ! -e /etc/rsyslog.d/rivendell.conf ; then
     cp @DOC_PATH@/syslog.conf-sample /etc/rsyslog.d/rivendell.conf
 fi
 /bin/systemctl restart rsyslog
+/bin/systemctl reload firewalld
 /usr/sbin/groupadd -r -g 151 pypad &>/dev/null || :
 /usr/sbin/useradd -o -u 151 -g pypad -s /bin/false -r -c "Rivendell PyPAD scripts" -d /dev/null pypad &>/dev/null || :
 exit 0
@@ -298,6 +299,7 @@ if [ -x %{_bindir}/gtk-update-icon-cache ] ; then
   %{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/hicolor || :
 fi
 /bin/systemctl daemon-reload
+/bin/systemctl reload firewalld
 
 
 %clean
@@ -503,6 +505,8 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/rivendell/html/*
 %{_datadir}/rivendell/apis
 %{_datadir}/rivendell/manpages
+/usr/lib/firewalld/services/rivendell.xml
+
 
 %files webapi
 %{_libdir}/librivwebcapi.so.@INTERFACE_RIVWEBCAPI_MAJOR@