Proper way to change zones?
by Patrick
Hello!
I am trying to make use of firewalld now that I am in F17, but
documentation is slim :).
I have created a zone xml file in /usr/local/lib/firewalld/zones/ and
added some services to /usr/local/lib/firewalld/services/ . I have
then linked them to the appropriate folders in /etc/firewalld.
Even after reloading firewalld, it does not list my new zone when I
issue the command firewall-cmd --get-zones. I have set my interface to
use my new zone in the appropriate /etc/sysconfig/network-scripts
file. Now when I issue firewall-cmd --get-zone-of-interface=eth0 I get
no output, instead of "public," which was the zone it used to receive
by default.
If I issue "nmcli -f NAME,DEVICES,ZONE con status" it lists my new
zone, so I guess that is something :).
Am I doing this all wrong?! Thank you for any assistance,
Patrick
11 years, 11 months
FirewallD Rule for Port and Interface
by Scott Talbert
Hi,
I have been looking at firewalld in Fedora 17 in order to understand how
to convert an iptables command that I use in a script into a firewalld
one. The iptables command that I'm using is:
iptables -I INPUT -p udp -i $INTERFACE --dport 67 -j ACCEPT
With firewall-cmd I can do:
firewall-cmd --add --port=67/udp
But there doesn't seem to be a way for me to specify an interface as well?
As in, I only want to open UDP port 67 on a specific network interface,
not all interfaces.
Thanks,
Scott
11 years, 11 months
Testing firewalld
by dobu
Hi,
I'm using Fedora 17 (alpha) at the moment and was interested in testing
out the firewalld. It works so far, but I still have a few questions and
couldn't find much documentation (except for Developers).
*) Why should I change from ip*tables (with the system-config-firewall
front-end) to firewalld as an end-user? So far it seems to me that
without a GUI (I wouldn't count the firewall-applet as a proper GUI) it
is way harder to configure.
*) My home network consists of 2 laptops with Fedora and one MacBook.
I've placed my laptops into the 'home' zone. Now I wanted to share some
files and used samba. I added the service, but next day it didn't work
anymore. Do I really have to enable samba every time I reboot the system
with 'firewall-cmd --add --zone=home --service=samba'? How can I add a
service permanently to a zone? Sorry if that's a stupid question but I
couldn't find anything about that.
*) I really, really love the zone idea. I hope the firewall-config tool,
that is mentioned in the Fedora Feature Page, will be in the repository
soon.
*) The firewall-applet doesn't do much at the moment, does it? Shouldn't
the .desktop file be hidden, so it doesn't show up in the Applications
(that's more a package maintainer problem, I guess)?
Well, that's it for now. I will be using it for a while and report bugs
if I stumble over one. So far no problems in standard usage (that means
no network printer, just casual home-user).
dobu
11 years, 12 months