Hello,
On 12/20/2012 02:58 PM, Stefan Hellermann wrote:
Hi,
I want to allow traffic of the ospf protocol in the work zone. But I found no way to do this, besides custom iptables commands and firewall-cmd --direct rules which are not persistent. There are more than 100 protocols listed in /etc/protocols, so there should be a way to allow a custom protocol.
My best try: firewall-cmd --direct --add-rule ipv4 filter INPUT 99 -d 224.0.0.5 -p ospf -j ACCEPT
The best way to do this for now is to define a new service. There you can use protocols besides tcp and udp. Please have a look at the firewalld.service man page.
I have created a test service entry (/etc/firewalld/services/ospf.xml) for the line above:
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>OSPF</short>
  <description></description>
  <port protocol="ospf" port=""/>
  <destination ipv4="224.0.0.5"/>
</service>
How can I get this use case to work with firewalld? Or will this never be supported? I'm trying all this on a freshly installed Fedora 18. What chain should I use? INPUT works for me, but there are others which look more correct, like IN_ZONE_work_allow, IN_ZONE_work or IN_ZONE_work_direct
Just add the file and (permanently) enable the OSPF service in the work zone.
Regards, Stefan Hellermann
Thanks, Thomas
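
The procedure from the reply above (add the service file, then permanently enable it in the work zone), written out as an added example that is not part of the original thread. The function names and the "apply" argument are hypothetical; the file path, zone and service definition are the ones given in the message.

```shell
#!/bin/sh
# Added example: install the OSPF service definition from the reply and
# enable it permanently in a zone. Function names are hypothetical.
SERVICE_DIR="${SERVICE_DIR:-/etc/firewalld/services}"
ZONE="${ZONE:-work}"

# Write the service definition quoted in the reply to <dir>/ospf.xml.
write_ospf_service() {
    dir="$1"
    mkdir -p "$dir" || return 1
    cat > "$dir/ospf.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>OSPF</short>
  <description></description>
  <port protocol="ospf" port=""/>
  <destination ipv4="224.0.0.5"/>
</service>
EOF
    chmod 0644 "$dir/ospf.xml"
}

# Sanity check before touching the firewall: the file must exist, carry the
# protocol and destination restriction, and be closed exactly once.
check_ospf_service() {
    f="$1/ospf.xml"
    [ -s "$f" ] || return 1
    grep -q '<port protocol="ospf" port=""/>' "$f" || return 1
    grep -q '<destination ipv4="224.0.0.5"/>' "$f" || return 1
    [ "$(grep -c '</service>' "$f")" -eq 1 ]
}

# Reload so the daemon reads the new file, add the service to the zone's
# permanent configuration, reload again to activate it, then list the result.
enable_ospf_service() {
    firewall-cmd --reload || return 1
    firewall-cmd --permanent --zone="$ZONE" --add-service=ospf || return 1
    firewall-cmd --reload || return 1
    firewall-cmd --zone="$ZONE" --list-services
}

# Only changes the system when called as: sh ospf-service.sh apply (as root)
if [ "${1:-}" = "apply" ]; then
    write_ospf_service "$SERVICE_DIR" &&
        check_ospf_service "$SERVICE_DIR" &&
        enable_ospf_service
fi
```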