defining firewalld services
Thomas Woerner
twoerner at redhat.com
Wed Jul 16 09:24:27 UTC 2014
On 07/08/2014 01:20 AM, Ian Pilcher wrote:
> On 07/07/2014 12:03 PM, Thomas Woerner wrote:
>> On 07/07/2014 02:55 PM, Stephen Gallagher wrote:
>>> Thomas, the real question here is this: If a package wants to install
>>> (and maintain) its own set of firewalld service definitions, is the
>>> approach Stef took the best one? If so, we should submit a Packaging
>>> Guidelines edit to the FPC and get this codified where others can find
>>> it.
>>>
>> Yes, this is the best approach right now.
>
> Hmm. If I've made a temporary change to my firewall settings, I might
> be a bit annoyed if an (apparently unrelated) package installation
> caused the configuration to revert to the permanent configuration.
>
> Is there not a more specific command that adds the service definition to
> the current environment without a full reload?
>
No, there is no command for this. Changes to (also addition and removal
of) services are done in the permanent environment only to have a
consistent state in the runtime environment. I have done this because
the adoption of changes to zone, services etc. might lead into problems.
Please think of these examples:
- A service definition has been removed.
- A service definition has been changed in an incompatible way:
Different port number or range.
The adoption of a changed port number for a service should be done in
the service and in firewalld at the same time. There is no interface for
this.
More information about the devel
mailing list