Hello!
I am trying to make use of firewalld now that I am in F17, but documentation is slim :).
I have created a zone xml file in /usr/local/lib/firewalld/zones/ and added some services to /usr/local/lib/firewalld/services/ . I have then linked them to the appropriate folders in /etc/firewalld.
Even after reloading firewalld, it does not list my new zone when I issue the command firewall-cmd --get-zones. I have set my interface to use my new zone in the appropriate /etc/sysconfig/network-scripts file. Now when I issue firewall-cmd --get-zone-of-interface=eth0 I get no output, instead of "public," which was the zone it used to receive by default.
If I issue "nmcli -f NAME,DEVICES,ZONE con status" it lists my new zone, so I guess that is something :).
Am I doing this all wrong?! Thank you for any assistance,
Patrick
On 03/30/2012 10:50 PM, Patrick wrote:
Please have a look at /var/log/firewalld if there is an error about the zone file you have added.
If there is an error about the zone, please post additionally to the zone file.
If there is no error, please enable the debug mode of firewalld by adding --debug to the ExecStart line in /usr/lib/systemd/system/firewalld.service: ExecStart=/usr/sbin/firewalld --nofork --debug
firewalld will then write additional debug log information to /var/log/firewalld
There should be a message about the zone file in the log, now.
Patrick
_______________________________________________
firewalld-users mailing list
firewalld-users@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/firewalld-users
Thanks, Thomas
Hello, thank you for the reply!
I "fixed" it by copying the xml file directly to the proper folder in /etc/firewalld instead of symbolically linking it. The original file was in /usr/local/lib/firewalld/services/ and all root:root 644. I don't know enough about permissions to speculate why it wouldn't work like that, but that is the same permissions the new file has in /etc/firewalld and it is happy with it now!
Patrick
On Wed, Apr 4, 2012 at 09:20, Thomas Woerner twoerner@redhat.com wrote:
Hello Patrick,
On 04/04/2012 10:33 PM, Patrick wrote:
this was most likely a SELinux limitation. Files outside of /etc/firewalld do not have proper SELinux contexts.
Thomas
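The failure mode Thomas describes (a symlink in /etc/firewalld pointing at a file under /usr/local/lib, so a confined daemon reads a target whose SELinux label it is not allowed to use) is easy to miss because ownership and mode look correct, as in Patrick's root:root 644. The POSIX sh helper below is an added example, not code from the thread or from the firewalld project; it walks a config tree, follows every symlink and reports the ones that resolve outside that tree, which is the first thing to check before looking at labels with ls -Z or relabeling with restorecon. The directory layout used in the comments is constructed for illustration.

```shell
#!/bin/sh
# Added example: list symlinks under a config tree whose targets live outside it.
# Rationale: a confined daemon (firewalld_t here) is checked against the label of
# the symlink *target*, so a link from /etc/firewalld/zones into
# /usr/local/lib/... inherits whatever label that tree carries and can be denied.
# Usage: check_links /etc/firewalld
# Exit status is the number of links that resolve outside the tree (0 = clean).
check_links() {
    # Canonicalise the root so comparisons survive /tmp -> /private/tmp style aliases.
    root=$(readlink -f "$1") || return 1
    bad=0
    # Read find's output line by line without a subshell, so $bad survives the loop.
    while IFS= read -r link; do
        [ -n "$link" ] || continue
        target=$(readlink -f "$link")
        case "$target" in
            "$root"/*)
                # Resolves inside the tree: gets the tree's own label, nothing to report.
                ;;
            *)
                echo "outside tree: $link -> $target"
                bad=$((bad + 1))
                ;;
        esac
    done <<EOF
$(find "$root" -type l 2>/dev/null)
EOF
    return "$bad"
}

# Convenience wrapper returning a plain count on stdout for scripting.
count_outside_links() {
    check_links "$1" >/dev/null
    echo "$?"
}
```

On a real host, follow a non-zero result with `ls -Z` on the reported targets and compare against a file that lives natively in /etc/firewalld; copying the file into place (as Patrick did) or running `restorecon -v` on it gives it the label the policy expects, whereas a symlink never will.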