On Tue, Apr 10, 2018 at 04:44:54PM -0500, Lesley Kimmel wrote:
> Does firewalld periodically scan its directories?

Yes. It will take 5 seconds for firewalld to make the configuration
change.
Once it notices a change it will wait 5 seconds before triggering the
config update. The wait is to avoid thrashing by allowing many file
modifications and only triggering one update.

> I am having an issue where I programmatically create a service file
> (/etc/firewalld/services/name.xml) and then immediately try to add it

You can add a service with firewall-cmd as well, see man page for
--new-service. In which case it will be immediate.

> (firewall-cmd --permanent --zone public --add-service name) and it
> frequently tells me that the service file is not found

You can do a manual reload to pick up the config change faster, but this
may not be what you want as it will also reload runtime rules.
# firewall-cmd --reload

> If I put a delay (say 5 seconds) in between it seems to work every
> time.
> I can't find any documentation that this is the expected behavior.

I also did not find it in the documentation. I had to look at the source
code.
I created a github issue to document this [0]. Thanks for pointing it
out.
Eric.
[0] https://github.com/firewalld/firewalld/issues/325
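
The two approaches from the reply above, as an added shell example that is not part of the original message or of firewalld itself: defining the service through firewall-cmd so it is known immediately, and, for a hand-written XML file, polling until the daemon lists the service instead of sleeping a fixed 5 seconds. The helper names (`service_known`, `wait_for_service`, `define_service`) and the `FWCMD` override variable are hypothetical.

```shell
#!/bin/sh
# Added example; helper names and FWCMD are assumptions, not firewalld's own.
FWCMD=${FWCMD:-firewall-cmd}

# True once the daemon lists NAME among its permanent services.
service_known() {
    $FWCMD --permanent --get-services | tr ' ' '\n' | grep -Fqx -- "$1"
}

# File-drop path: after writing /etc/firewalld/services/NAME.xml, poll until
# firewalld has picked the file up, giving up after TIMEOUT seconds.
wait_for_service() {
    name=$1; timeout=${2:-10}; waited=0
    until service_known "$name"; do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
}

# firewall-cmd path: the daemon creates the service itself, so the following
# --add-service does not race with the delayed directory rescan.
define_service() {
    name=$1; port=$2; zone=${3:-public}
    service_known "$name" || $FWCMD --permanent --new-service="$name" || return 1
    $FWCMD --permanent --service="$name" --add-port="$port" || return 1
    $FWCMD --permanent --zone="$zone" --add-service="$name"
}

# Usage (constructed values):
#   define_service name 8443/tcp public
#   wait_for_service name 10 && firewall-cmd --permanent --zone public --add-service name
```
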