how do I allow a service on an arbitrary local interface the firewalld way?
Thomas Woerner
twoerner at redhat.com
Mon Nov 12 13:45:38 UTC 2012
On 11/09/2012 05:21 AM, Matthew Miller wrote:
> I'm making a crude fake EC2 environment on my test machine, and as part of
> that, I need a web server listening on 169.254.169.254. I've bound this
> address to lo:0. How do I use firewall-cmd to allow http through? It's
> blocked by default.
>
> I thought I could do it with the interface=lo:0 argument, but that gives me
> "Warning: ALREADY_ENABLED". And firewall-cmd --list-interfaces returns only
> 'wlan0'
>
Add the interface to the default zone or to trusted, if you want to have
full access:

To add the interface to the default zone:

  firewall-cmd --add-interface=lo:0

To add the interface to the trusted zone:

  firewall-cmd --add-interface=lo:0 --zone=trusted

As ":" was not allowed in interface names up to now, this is only
possible with the GIT version and also soon with an updated firewalld
package in Fedora.

> There doesn't appear to be any real documentation for firewall-cmd. The web
> page is just development plans, the help is a maze of BNF, and the man page
> is full of less-than-helpful stuff like:
>
> interface=<interface>
> Use an interface name.
>
Man pages with more information and also examples are in the works.
>
> Where should I look to find out more?
>
>