On Thu, Aug 13, 2020 at 12:47:15PM -0400, Eric Garver wrote:
On Thu, Aug 13, 2020 at 11:25:18AM -0500, Eric Blake wrote:
> On 8/13/20 10:28 AM, Eric Garver wrote:
> > On Thu, Aug 13, 2020 at 01:38:54PM +0100, Richard W.M. Jones wrote:
> > > ---
> > > config/Makefile.am | 1 +
> > > config/services/nbd.xml | 6 ++++++
> > > po/POTFILES.in | 1 +
> > > 3 files changed, 8 insertions(+)
> >
> > Thanks! I applied and pushed this upstream:
> >
> > 8f562559dad8 ("feat: service: add nbd (Network Block Device)
> > service")
>
> Unrelated question - why can't firewalld automatically support an implied
> service for every listing in /etc/services, in order to reduce the number of
> patches needed to config/services/*.xml which end up duplicating efforts?
You can do that.
# firewall-cmd --add-port gopher/tcp
success
Internally it uses socket.getservbyname() [1].
I was initially prompted to provide this patch because I thought that
this would work in public.xml, but it did not:
<service name="nbd"/>
Of course the equivalent <port port="nbd" protocol="tcp"/>
works, but
it seems as if the same information is present in /etc/services
already.
Rich.
Unfortunately listing the ports doesn't do the reverse
translation, but
this could be addressed.
# firewall-cmd --list-ports
70/tcp
Services are useful if you want to open a collection of ports or the
service needs conntrack helpers.
[1]:
https://docs.python.org/3/library/socket.html#socket.getservbyname
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top