On Wed, Nov 18, 2020 at 12:41:24AM +0530, Vishal K wrote:
> Hello Eric,
> thanks for the response. I did add this option in public/external zone
> firewall-cmd --permanent --add-service slp
> # firewall-cmd --reload
> Even though the slp services were not getting discovered by other nodes.
> As soon as I delete this rule
> iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
> All starts working fine.
> That's why I am confused/clueless what can be done to make it work.

Are you sure the other nodes' requests are coming in on the default zone?
What does --get-active-zones show?

> Thanks
> On Wed, Nov 18, 2020, 12:32 AM Eric Garver <egarver(a)redhat.com> wrote:
> > On Tue, Nov 17, 2020 at 06:19:09PM -0000, bsp team wrote:
> > > Below rule in iptables is causing the slptool to fail in detecting the services of other hosts.
> > > REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
> > > I deleted it by using below command
> > > iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
> > > and slp started to discover from other node with firewall enabled.
> > > However, when I reload the firewalld or reboot, it again went back to original rule (REJECT)
> > > How can I delete this rule permanently so that even after reloading firewalld daemon it does not go back to default.
> > > Or is there any other way
> >
> > You should _not_ delete this rule. Doing so will likely leave your
> > firewall open and your server unprotected. I repeat. DO NOT DELETE THIS
> > RULE.
> >
> > Instead add the `slp` service:
> >
> > # firewall-cmd --permanent --add-service slp
> > # firewall-cmd --reload
> >
> > The above adds it to the default zone (likely "public"). To add it to a
> > specific zone add the `--zone` argument.
> >
> > # firewall-cmd --permanent --zone external --add-service slp
> > # firewall-cmd --reload
> >
_______________________________________________
firewalld-users mailing list -- firewalld-users(a)lists.fedorahosted.org
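
The check asked for at the top of this message (which zones are active, and is `slp` enabled in each of them), as an added example that is not part of the thread. `FWCMD` and the function names are assumptions of this sketch; `--get-active-zones` and `--query-service` are existing `firewall-cmd` options.

```shell
#!/bin/sh
# Added example, not from the thread. FWCMD is an assumption of this sketch:
# it defaults to firewall-cmd and exists only so a stub can be substituted.
FWCMD="${FWCMD:-firewall-cmd}"

# Names of zones with an interface or source bound. Zone names are the
# unindented lines of `--get-active-zones`; bindings are indented below them.
active_zones() {
    $FWCMD --get-active-zones | awk '/^[^ \t]/ { print $1 }'
}

# Prints "yes" or "no": is service $2 enabled in zone $1? Extra arguments
# (e.g. --permanent) are passed through to query the saved configuration.
zone_has_service() {
    zone=$1; svc=$2; shift 2
    if $FWCMD "$@" --zone="$zone" --query-service="$svc" >/dev/null 2>&1
    then echo yes; else echo no; fi
}

# One line per active zone: <zone> runtime=<yes|no> permanent=<yes|no>
service_zone_report() {
    for z in $(active_zones); do
        echo "$z runtime=$(zone_has_service "$z" "$1")" \
             "permanent=$(zone_has_service "$z" "$1" --permanent)"
    done
}

# Active zones where the service is not enabled in the running firewall.
zones_missing_service() {
    service_zone_report "$1" | awk '$2 == "runtime=no" { print $1 }'
}

# With a service name as first argument (e.g. slp), print the report.
if [ $# -gt 0 ]; then service_zone_report "$1"; fi
```

A zone reported with `runtime=no` that holds the interface receiving the SLP traffic is the one that needs `--zone <name> --add-service slp`; `permanent=yes` with `runtime=no` means the change was saved but `--reload` has not been run.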