On Wed, Nov 18, 2020 at 05:51:09PM +0530, Vishal K wrote:
> Hello Eric/Team,
> Please check the below snip from the 2 nodes on which I am working to make
> slp service work, but it is not getting discovered from other node.
> From same node it shows the service.
> I have added the slp service in firewall at both the nodes. Can someone
> help me in getting this issue fixed.
> [image: image.png]

This is indeed a nice screenshot. Unfortunately it does not contain any
of the information I asked for.
Please copy/paste the output of the following command:
# firewall-cmd --list-all-zones
On Wed, Nov 18, 2020 at 2:58 AM Eric Garver <egarver(a)redhat.com> wrote:
> On Wed, Nov 18, 2020 at 01:06:52AM +0530, Vishal K wrote:
> > Hello Eric,
> >
> > I will check those details (other nodes requests are coming in on the default
> > zone) and update.
> > Meanwhile I have another system where sles12 is running and there I see
> > below rule by default
> >
> > In INPUT chain
> > ACCEPT icmp -- anywhere anywhere ctstate RELATED
>
> I'm not sure where this rule is coming from. You can check the firewalld
> configuration.
>
> # firewall-cmd --list-all-zones
>
> >
> >
> > I wonder it's not there in sles15.
> >
> > Thanks
> >
> >
> >
> > On Wed, Nov 18, 2020, 12:47 AM Eric Garver <egarver(a)redhat.com> wrote:
> >
> > > On Wed, Nov 18, 2020 at 12:41:24AM +0530, Vishal K wrote:
> > > > Hello Eric,
> > > >
> > > > Thanks for the response. I did add this option in public/external zone
> > > >
> > > > # firewall-cmd --permanent --add-service slp
> > > > # firewall-cmd --reload
> > > > Even though the slp services were not getting discovered by other nodes.
> > > > As soon as I delete this rule
> > > >
> > > > iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
> > > >
> > > > All starts working fine.
> > > >
> > > > That's why I am confused/clueless what can be done to make it work.
> > >
> > > Are you sure the other nodes requests are coming in on the default zone?
> > > What does --get-active-zones show?
> > >
> > > > Thanks
> > > >
> > > >
> > > > On Wed, Nov 18, 2020, 12:32 AM Eric Garver <egarver(a)redhat.com> wrote:
> > > >
> > > > > On Tue, Nov 17, 2020 at 06:19:09PM -0000, bsp team wrote:
> > > > > > Below rule in iptables is causing the slptool to fail in detecting the
> > > > > > services of other hosts.
> > > > > > REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
> > > > > > I deleted it by using below command
> > > > > > iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
> > > > > > and slp started to discover from other node with firewall enabled.
> > > > > > However when I reload the firewalld or reboot it again went back to
> > > > > > original rule (REJECT)
> > > > > > How can I delete this rule permanently so that even after reloading
> > > > > > firewalld daemon it does not go back to default.
> > > > > > Or is there any other way
> > > > >
> > > > > You should _not_ delete this rule. Doing so will likely leave your
> > > > > firewall open and your server unprotected. I repeat. DO NOT DELETE THIS
> > > > > RULE.
> > > > >
> > > > > Instead add the `slp` service:
> > > > >
> > > > > # firewall-cmd --permanent --add-service slp
> > > > > # firewall-cmd --reload
> > > > >
> > > > > The above adds it to the default zone (likely "public"). To add it to a
> > > > > specific zone add the `--zone` argument.
> > > > >
> > > > > # firewall-cmd --permanent --zone external --add-service slp
> > > > > # firewall-cmd --reload
> > > > >
> > > > >
> > >
> > > > _______________________________________________
> > > > firewalld-users mailing list -- firewalld-users(a)lists.fedorahosted.org
> > > > To unsubscribe send an email to firewalld-users-leave(a)lists.fedorahosted.org
> > > > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > > > List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedora...
> > >
> > >
>
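
The check this thread keeps coming back to (is `slp` allowed in the zones that are actually active, not just the default one?), as an added shell example that is not part of the original messages. It assumes the `firewall-cmd --list-all-zones` layout in which active zones are marked `(active)`; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list active firewalld zones that do
# not allow a given service, reading `firewall-cmd --list-all-zones` on stdin.
zones_missing_service() {
    awk -v svc="$1" '
        # A zone header starts in column 1, e.g. "public (active)".
        /^[^ \t]/ {
            zone = $1
            active = ($0 ~ /\(.*active.*\)/)
            next
        }
        # The indented "services:" line holds the allowed service names.
        active && $1 == "services:" {
            found = 0
            for (i = 2; i <= NF; i++) if ($i == svc) found = 1
            if (!found) print zone
        }
    '
}

# Constructed sample output (assumed layout); slp was added to "public" only.
sample_list_all_zones() {
    cat <<'EOF'
block
  target: %%REJECT%%
  interfaces:
  services:

external (active)
  target: default
  interfaces: eth1
  services: ssh
  masquerade: yes

public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client slp ssh
  masquerade: no
EOF
}

# On a real host: firewall-cmd --list-all-zones | zones_missing_service slp
sample_list_all_zones | zones_missing_service slp
```

Any zone name printed is an active zone whose `services:` line lacks the service, which is where `--add-service` with `--zone` is still needed.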