7:58 a.m.
Hi,
I want to allow traffic of the ospf protocol in the work zone. But I
found no way to do this, besides custom iptables commands and
firewall-cmd --direct rules which are not persistent. There are more
than 100 protocols listed in /etc/protocols, so there should be a way
to allow a custom protocol.
My best try:
firewall-cmd --direct --add-rule ipv4 filter INPUT 99 -d 224.0.0.5 -p
ospf -j ACCEPT
How can I get this use case to work with firewalld? Or will this be
never supported? I'm trying all this on freshly installed a Fedora 18.
What chain should I use? INPUT works for me, but there are others
which look more correct, like IN_ZONE_work_allow, IN_ZONE_work or
IN_ZONE_work_direct
Regards,
Stefan Hellermann
6:50 a.m.
Hello,
On 12/20/2012 02:58 PM, Stefan Hellermann wrote:
Hi,
I want to allow traffic of the ospf protocol in the work zone. But I
found no way to do this, besides custom iptables commands and
firewall-cmd --direct rules which are not persistent. There are more
than 100 protocols listed in /etc/protocols, so there should be a way
to allow a custom protocol.
My best try:
firewall-cmd --direct --add-rule ipv4 filter INPUT 99 -d 224.0.0.5 -p
ospf -j ACCEPT
the best way to do this for now is to define a new service. There you
can use protocols besides tcp and udp. Please have a look at the
firewalld.service man page.
I have created a test service entry (/etc/firewalld/services/ospf.xml)
for the line above:
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>OSPF</short>
<description></description>
<port protocol="ospf" port=""/>
<destination ipv4="224.0.0.5"/>
</service>
How can I get this use case to work with firewalld? Or will this be
never supported? I'm trying all this on freshly installed a Fedora 18.
What chain should I use? INPUT works for me, but there are others
which look more correct, like IN_ZONE_work_allow, IN_ZONE_work or
IN_ZONE_work_direct
Just add the file and (permanently) enable the OSPF service in the work
zone.
Regards,
Stefan Hellermann
_______________________________________________
firewalld-users mailing list
firewalld-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/firewalld-users
Thanks,
Thomas
11:38 a.m.
Hi!
the best way to do this for now is to define a new service. There you
can
use protocols besides tcp and udp. Please have a look at the
firewalld.service man page.
I have created a test service entry (/etc/firewalld/services/ospf.xml) for
the line above:
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>OSPF</short>
<description></description>
<port protocol="ospf" port=""/>
<destination ipv4="224.0.0.5"/>
</service>
Thanks! Nice solution!
Is there a plan to add more service.xml files to the firewalld
package? Should packages install their own service.xml files? In this
case their are at least two routing daemons in fedora which can use
the OSPF protocol (quagga and bird).
Regards,
Stefan Hellermann
4136
days inactive
4155
days old
firewalld-users@lists.fedorahosted.org
2 comments
2 participants
participants (2)
-
Stefan Hellermann -
Thomas Woerner