Hello,
On 12/20/2012 02:58 PM, Stefan Hellermann wrote:
> Hi,
> I want to allow traffic of the ospf protocol in the work zone. But I
> found no way to do this, besides custom iptables commands and
> firewall-cmd --direct rules which are not persistent. There are more
> than 100 protocols listed in /etc/protocols, so there should be a way
> to allow a custom protocol.
> My best try:
> firewall-cmd --direct --add-rule ipv4 filter INPUT 99 -d 224.0.0.5 -p ospf -j ACCEPT

The best way to do this for now is to define a new service. There you
can use protocols besides tcp and udp. Please have a look at the
firewalld.service man page.
I have created a test service entry (/etc/firewalld/services/ospf.xml)
for the line above:

    <?xml version="1.0" encoding="utf-8"?>
    <service>
      <short>OSPF</short>
      <description></description>
      <port protocol="ospf" port=""/>
      <destination ipv4="224.0.0.5"/>
    </service>

> How can I get this use case to work with firewalld? Or will this
> never be supported? I'm trying all this on a freshly installed Fedora 18.
> What chain should I use? INPUT works for me, but there are others
> which look more correct, like IN_ZONE_work_allow, IN_ZONE_work or
> IN_ZONE_work_direct.

Just add the file and (permanently) enable the OSPF service in the work
zone.

> Regards,
> Stefan Hellermann

Thanks,
Thomas
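
The steps from the reply above (add the service file, then permanently enable the service in the work zone), written out as an added example that is not part of the original thread. The function names, the protocol-name check and the "apply" argument are assumptions made for illustration; the XML is the service file posted in the reply.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Write the service definition from the reply into a services directory
# (/etc/firewalld/services on a real host).
write_ospf_service() {
    mkdir -p "$1" || return 1
    cat > "$1/ospf.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>OSPF</short>
  <description></description>
  <port protocol="ospf" port=""/>
  <destination ipv4="224.0.0.5"/>
</service>
EOF
}

# Print the protocol names a service file references, one per line.
service_protocols() {
    sed -n 's/.*<port[^>]*protocol="\([^"]*\)".*/\1/p' "$1"
}

# Succeed only if every referenced protocol is named in the protocols
# file ($2, normally /etc/protocols), so a typo is caught before reload.
check_protocols() {
    for p in $(service_protocols "$1"); do
        awk -v p="$p" '$1 == p { found = 1 } END { exit !found }' "$2" ||
            { echo "unknown protocol: $p" >&2; return 1; }
    done
}

# Install the file, let firewalld load it, enable it permanently in the
# zone, reload again to apply, then show the zone's services.
enable_ospf_service() {
    write_ospf_service /etc/firewalld/services &&
    check_protocols /etc/firewalld/services/ospf.xml /etc/protocols &&
    firewall-cmd --reload &&
    firewall-cmd --permanent --zone="$1" --add-service=ospf &&
    firewall-cmd --reload &&
    firewall-cmd --zone="$1" --list-services
}

# Run as root: sh ospf-service.sh apply work
if [ "${1:-}" = apply ]; then enable_ospf_service "${2:-work}"; fi
```

Unlike the --direct rule in the question, the --permanent setting is stored in the zone configuration and survives a firewalld restart.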