Hello Eric,
thanks for the response. I added this option in the public/external zone
firewall-cmd --permanent --add-service slp
# firewall-cmd --reload
Even then, the slp services were not getting discovered by other nodes.
As soon as I delete this rule
iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
everything starts working fine.
That's why I am confused/clueless about what can be done to make it work.
Thanks
On Wed, Nov 18, 2020, 12:32 AM Eric Garver <egarver(a)redhat.com> wrote:
On Tue, Nov 17, 2020 at 06:19:09PM -0000, bsp team wrote:
> Below rule in iptables is causing the slptool to fail in detecting the services of other hosts.
> REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
> I deleted it by using below command
> iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
> and slp started to discover from other node with firewall enabled.
> however when I reload the firewalld or reboot it again went back to original rule (REJECT)
> how can I delete this rule permanently so that even after reloading firewalld daemon it does not go back to default.
> or is there any other way
You should _not_ delete this rule. Doing so will likely leave your
firewall open and your server unprotected. I repeat. DO NOT DELETE THIS
RULE.
Instead add the `slp` service:
# firewall-cmd --permanent --add-service slp
# firewall-cmd --reload
The above adds it to the default zone (likely "public"). To add it to a
specific zone add the `--zone` argument.
# firewall-cmd --permanent --zone external --add-service slp
# firewall-cmd --reload