Hello Scott,
On 03/30/2012 02:40 AM, Scott Talbert wrote:
> Hi,
> I have been looking at firewalld in Fedora 17 in order to understand how
> to convert an iptables command that I use in a script into a firewalld
> one. The iptables command that I'm using is:
> iptables -I INPUT -p udp -i $INTERFACE --dport 67 -j ACCEPT
> With firewalld-cmd I can do:
> firewall-cmd --add --port=67/udp
> But there doesn't seem to be a way for me to specify an interface as
> well? As in, I only want to open UDP port 67 on a specific network
> interface, not all interfaces.
Are you setting up interfaces by hand or are you using NetworkManager or
the network service?
If you are using NetworkManager or the network service:
You can use a separate zone for the interface on which you want to enable
the bootps port. Just add "ZONE=<zone>" to the ifcfg- file for this
interface, then it will automatically be used. For example, use the work
zone and enable the bootps port for this zone, either temporarily with
firewall-cmd or by editing the zone file. The default zone is 'public'.
As root user:
1) Copy the work zone from the default zones to the customized zone
directory: cp /usr/lib/firewalld/zones/work.xml /etc/firewalld/zones/
2) Add the port line to the zone (between <zone..> and </zone>):
<port port="67" protocol="udp"/>
3) firewall-cmd --reload
You can verify if the port is open now: iptables -S | grep 67
To get the default zone (default: 'public'): firewall-cmd --get-default-zone
To get the active zones: firewall-cmd --get-active-zones
If you are setting up interfaces by hand:
Create a customized zone and use firewall-cmd to add the interface to
the zone: firewall-cmd --zone=<zone> --add --interface=<interface>
> Thanks,
> Scott
> _______________________________________________
> firewalld-users mailing list
> firewalld-users(a)lists.fedorahosted.org
> https://fedorahosted.org/mailman/listinfo/firewalld-users
Thanks,
Thomas
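As an added example (not from Thomas's reply or from the firewalld project), the three root steps above as a POSIX shell script: copy the stock work zone, insert the port line before `</zone>`, reload and verify. The zone paths and the bootps port are the ones the reply uses; the `apply` entry point is an assumption, since the reply types the commands by hand.

```shell
#!/bin/sh
# Added example, not from the original thread: the three root steps as
# shell functions. Paths and the work zone name are the ones the reply uses;
# the "apply" entry point is an assumption (the reply types the commands by hand).
set -eu

SRC_ZONE=/usr/lib/firewalld/zones/work.xml   # stock zone shipped by firewalld
DST_ZONE=/etc/firewalld/zones/work.xml       # customized copy that overrides it

# add_port_to_zone SRC DST PORT PROTO
# Steps 1 and 2: copy SRC to DST unless DST already exists, then insert
# <port port="PORT" protocol="PROTO"/> before </zone> (skipped if present,
# so running the script twice does not duplicate the line).
add_port_to_zone() {
    src=$1; dst=$2; port=$3; proto=$4
    line="<port port=\"$port\" protocol=\"$proto\"/>"
    mkdir -p "$(dirname "$dst")"
    [ -f "$dst" ] || cp "$src" "$dst"
    if ! grep -qF "$line" "$dst"; then
        # Print the port line just before the closing tag; awk keeps it portable.
        awk -v line="  $line" '/^<\/zone>/ { print line } { print }' "$dst" \
            > "$dst.tmp" && mv "$dst.tmp" "$dst"
    fi
}

# zone_has_port FILE PORT PROTO: succeeds when FILE opens PORT/PROTO
zone_has_port() {
    grep -qF "<port port=\"$2\" protocol=\"$3\"/>" "$1"
}

# Step 3 plus the checks from the reply; only runs when invoked as "apply"
# by root, so the functions above can be exercised without firewalld present.
if [ "${1:-}" = "apply" ]; then
    add_port_to_zone "$SRC_ZONE" "$DST_ZONE" 67 udp
    firewall-cmd --reload
    firewall-cmd --get-active-zones   # the interface should be listed under work
    iptables -S | grep 67             # the ACCEPT rule for dport 67 should show
fi
```

Run it as root with `sh script.sh apply` after adding `ZONE=work` to the interface's ifcfg- file.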