Hello List, flo
On Monday, 29 March 2021, 09:30:48 CEST, Florence Blanc-Renaud via
FreeIPA-users wrote:
On 3/28/21 6:01 PM, Günther J. Niederwimmer via FreeIPA-users wrote:
> Hello,
> is this a known Problem?
>
> When I config in the Firewall rich rules with the new "freeipa-4" this is
> not working I mean firewall-cmd can't read this construct?
>
> I have to setup the "old" freeipa-ldaps freeipa-ldap freeipa-replication
> in the rich_rules after that the firewall is open for replicas.
>
Hi,
which command are you using? The following works for me:
# systemctl start firewalld
# firewall-cmd --permanent --add-service freeipa-4
success
# firewall-cmd --reload
success

Yes this is working, BUT a rich rule is not working,
<rule family="ipv4">
  <source address="XXX.XXX.XXX.XXX/28"/>
  <service name="freeipa-4"/>
  <log prefix="freeipa-4" level="info">
    <limit value="1/m"/>
  </log>
  <accept/>
</rule>

firewall-cmd --permanent --zone=external --add-rich-rule='rule family="ipv4" source address="xxx.xxx.xxx.xxx/28" service name="freeipa-4" log prefix="freeipa-4" level="info" limit value="1/m" accept'
--
Best regards
Günther J. Niederwimmer
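
The message shows the same rule twice: as a zone-file `<rule>` element and as the string passed to `--add-rich-rule`. The following is an added example, not part of the original message or of firewalld: it renders a zone-file rule as a rich-rule string so the two forms can be compared word for word. It covers only the source, destination, service, port, log and accept/reject/drop elements; the function names are the example's own and `192.0.2.0/28` is a placeholder for the masked address.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <rule> element from the message inside a zone
# document. 192.0.2.0/28 is a documentation placeholder address.
ZONE_XML = """<zone>
  <rule family="ipv4">
    <source address="192.0.2.0/28"/>
    <service name="freeipa-4"/>
    <log prefix="freeipa-4" level="info"><limit value="1/m"/></log>
    <accept/>
  </rule>
</zone>"""

ACTIONS = ("accept", "reject", "drop")

def attrs(elem, names):
    """Render the listed attributes that are present as key="value" words."""
    return [f'{n}="{elem.get(n)}"' for n in names if elem.get(n) is not None]

def with_limit(words, elem):
    """Append 'limit value="..."' when the element carries a <limit> child."""
    limit = elem.find("limit")
    if limit is not None:
        words += ["limit"] + attrs(limit, ["value"])
    return words

def rule_to_rich(rule):
    """Translate one zone-file <rule> element into a rich-rule string."""
    words = ["rule"] + attrs(rule, ["family"])
    for tag, names in (("source", ["address"]), ("destination", ["address"]),
                       ("service", ["name"]), ("port", ["port", "protocol"])):
        elem = rule.find(tag)
        if elem is not None:
            words += [tag] + attrs(elem, names)
    log = rule.find("log")
    if log is not None:
        words += with_limit(["log"] + attrs(log, ["prefix", "level"]), log)
    actions = [child for child in rule if child.tag in ACTIONS]
    if len(actions) > 1:
        raise ValueError("a rule takes at most one of accept/reject/drop")
    if actions:
        words += with_limit([actions[0].tag], actions[0])
    return " ".join(words)

def zone_rich_rules(xml_text):
    """Return the rich-rule string for every <rule> in a zone document."""
    return [rule_to_rich(r) for r in ET.fromstring(xml_text).iter("rule")]

print("\n".join(zone_rich_rules(ZONE_XML)))
```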