On Tue, Nov 17, 2020 at 06:19:09PM -0000, bsp team wrote:
> Below rule in iptables is causing the slptool to fail in detecting
> the services of other hosts.
>
> REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
>
> I deleted it by using the below command
>
> iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
>
> and slp started to discover from other node with firewall enabled.
> However, when I reload firewalld or reboot, it again went back to the original rule
> (REJECT).
> How can I delete this rule permanently so that even after reloading the firewalld daemon it
> does not go back to default?
> Or is there any other way?

You should _not_ delete this rule. Doing so will likely leave your
firewall open and your server unprotected. I repeat. DO NOT DELETE THIS
RULE.
Instead add the `slp` service:
    # firewall-cmd --permanent --add-service slp
    # firewall-cmd --reload
The above adds it to the default zone (likely "public"). To add it to a
specific zone add the `--zone` argument.
    # firewall-cmd --permanent --zone external --add-service slp
    # firewall-cmd --reload
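
The following is an added example, not part of the original thread: a shell check that compares firewalld's permanent and runtime configuration for a service, which shows whether a change will survive a reload. The function names and the `FWCMD` override variable are assumptions of this sketch; `--query-service`, `--permanent` and `--zone` are standard `firewall-cmd` options.

```shell
#!/bin/sh
# Added example: detect drift between firewalld's permanent and runtime
# configuration for one service. FWCMD is a hypothetical override so the
# command can be replaced; it defaults to firewall-cmd.

# query_service SERVICE SCOPE [ZONE]
# SCOPE is "permanent" or "runtime". Succeeds if the service is enabled there.
query_service() {
    svc=$1; scope=$2; zone=$3
    set -- "--query-service=$svc"
    if [ "$scope" = permanent ]; then set -- --permanent "$@"; fi
    if [ -n "$zone" ]; then set -- "--zone=$zone" "$@"; fi
    "${FWCMD:-firewall-cmd}" "$@" >/dev/null 2>&1
}

# service_state SERVICE [ZONE]
# Prints one of: persistent, runtime-only, pending-reload, absent.
service_state() {
    perm=no; run=no
    if query_service "$1" permanent "$2"; then perm=yes; fi
    if query_service "$1" runtime "$2"; then run=yes; fi
    case "$perm/$run" in
        yes/yes) echo persistent ;;      # saved and active: survives reload and reboot
        no/yes)  echo runtime-only ;;    # active only: discarded by the next --reload
        yes/no)  echo pending-reload ;;  # saved but inactive until --reload is run
        *)       echo absent ;;          # not allowed: traffic falls through to REJECT
    esac
}

# Usage (default zone, then a named zone):
#   service_state slp
#   service_state slp external
```

A result of `runtime-only` is the same situation as the `iptables -D` in the question: the change exists only in the running ruleset and is gone after a reload.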