firewalld from a server perspective

Reindl Harald h.reindl at thelounge.net
Fri Aug 1 12:41:08 UTC 2014


On 01.08.2014 at 14:27, Nikos Mavrogiannopoulos wrote:
> I'm maintaining a VPN server in fedora and I'm wondering whether
> I'd need to integrate firewalld to that. After reading the information
> in https://fedoraproject.org/wiki/FirewallD I don't think I'm sure what
> I'm supposed to do.
> 
> There are two issues:
> 1. Should my service turn on the firewall ports used by the server?
> As far as I understand, in order for the service to work out of the box
> I'd need to call firewall-cmd --port to enable the TCP and UDP ports
> used by the server, possibly from the systemd unit file (are there any
> hooks for that?)

please don't do that without asking the user

and *never* do that in the systemd-unit because
even if the user decides to close the port you
would open it again - that's a no-go

installing whatever service doesn't mean automatically
it is intended to be reachable on any interface and
that is independent of the type of service

nobody but the admin / user knows the intention of
an installed package and it is bad practice to have to
close ports
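
A packager or reviewer can check a unit file for the pattern this reply objects to, where an Exec* line opens firewall ports on every start. The Python sketch below is an added example, not part of the original message or of firewalld; the sample unit, its service name, binary path and port are constructed, and the firewall-cmd options it looks for are a chosen subset.

```python
import shlex

# firewall-cmd options that open something in the running firewall.
OPENERS = ("--add-port", "--add-service", "--add-rich-rule", "--add-source")

def logical_lines(text):
    """Yield (line_no, text), joining backslash-continued lines as systemd does."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf = ""
    if buf:
        yield start, buf

def words(command):
    """Split a command line and also look inside a quoted `sh -c '...'` string."""
    out = []
    for tok in shlex.split(command):
        out.extend(shlex.split(tok) if " " in tok else [tok])
    return out

def firewall_openers(unit_text):
    """Return [(line_no, directive, option)] for Exec* lines that open the firewall."""
    hits = []
    for no, line in logical_lines(unit_text):
        key, sep, value = line.partition("=")
        if not sep or not key.strip().startswith("Exec"):
            continue
        toks = words(value.strip().lstrip("-@+!:"))
        if not any(t.rsplit("/", 1)[-1] == "firewall-cmd" for t in toks):
            continue
        hits += [(no, key.strip(), t.split("=")[0]) for t in toks if t.startswith(OPENERS)]
    return hits

# Constructed sample unit (hypothetical service name, binary path and port).
SAMPLE = """[Unit]
Description=Example VPN server
[Service]
ExecStartPre=-/usr/bin/firewall-cmd --add-port=443/tcp \\
    --add-port=443/udp
ExecStart=/usr/sbin/examplevpnd --foreground
"""
if __name__ == "__main__":
    print(firewall_openers(SAMPLE))
```

Each hit is a place where the unit would reopen a port the admin may have deliberately closed, which is the behaviour the reply calls a no-go.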
