[Freeipa-users] Fedora Core IPTables or FirewallID?

Chris Whittle cwhittl at gmail.com
Tue Aug 26 14:26:15 UTC 2014


Here is what I found that seems to work from
http://adam.younglogic.com/2013/04/firewall-d-for-freeipa/

It only has to be run once...

cat >/etc/firewalld/services/kerberos.xml <<EOD
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>kerberos</short>
  <description>Kerberos</description>
  <port protocol="tcp" port="88"/>
  <port protocol="udp" port="88"/>
</service>
EOD

cat >/etc/firewalld/services/kpasswd.xml <<EOD
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>kpasswd</short>
  <description>kpasswd</description>
  <port protocol="tcp" port="464"/>
  <port protocol="udp" port="464"/>
</service>
EOD

cat >/etc/firewalld/services/ldap.xml <<EOD
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>ldap</short>
  <description>Lightweight Directory Access Protocol</description>
  <port protocol="tcp" port="389"/>
</service>
EOD

cat >/etc/firewalld/services/ldaps.xml <<EOD
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>ldaps</short>
  <description>Lightweight Directory Access Protocol over SSL</description>
  <port protocol="tcp" port="636"/>
</service>
EOD

firewall-cmd --permanent --zone=public --add-service=dns
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-service=kerberos
firewall-cmd --permanent --zone=public --add-service=kpasswd
firewall-cmd --permanent --zone=public --add-service=ldap
firewall-cmd --permanent --zone=public --add-service=ldaps
firewall-cmd --permanent --zone=public --add-service=ntp
firewall-cmd --reload



On Tue, Aug 26, 2014 at 9:22 AM, Mark Heslin <mheslin at redhat.com> wrote:

> Hi Chris,
>
> Take a look at the attached snippet - it will walk you through configuring
> firewalld with named chains on RHEL 7. You don't have to use named chains,
> but it makes managing multiple chains cleaner. Do make sure you 'mask'
> iptables - only using 'disable' can still cause conflicts in some
> circumstances.
>
> This is extracted from the recently published reference architecture
> "Integrating OpenShift Enterprise with IdM in RHEL 7":
>
>    https://access.redhat.com/articles/1155603     (The redhat.com links
> are not yet in place).
>
> The context here was for an IdM server but I also used the same approach
> for the IdM replica and RHEL 7 clients.
>
> hth,
>
> -m
>
>
>
> On 08/25/2014 10:22 PM, Chris Whittle wrote:
>
> I've got my server up and running great with one exception every time I
> reboot I have to login and flush the iptables or nothing can connect.
>
>  I've found a ton of fixes and none seem to work, I'm on FC20 does anyone
> have experience with it and wouldn't mind helping?
>
>
>
>
> --
>
> Red Hat Reference Architectures
>
> Follow Us: https://twitter.com/RedHatRefArch
> Plus Us: https://plus.google.com/u/0/b/114152126783830728030/
> Like Us: https://www.facebook.com/rhrefarch
>
>
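The one-shot commands above write four firewalld service definitions by hand and then enable eight services in the public zone. As an added example (not from this thread or from the linked blog post), the POSIX shell script below does the same job in a checkable way: it generates each service XML from a short spec, refuses a malformed port before anything is written to disk, and reports which of the required services are still missing from a zone's service list. The `SERVICE_DIR` argument and the function names are assumptions introduced here so the functions can be exercised against a scratch directory; on a real host the directory would be `/etc/firewalld/services`.

```shell
#!/bin/sh
# Added example, not code from the thread or from Adam Young's post.
# Generates firewalld service files for the FreeIPA ports the thread opens
# and checks a zone's service list against the required set.

# Services FreeIPA needs, one per line: name:description:port/proto,...
ipa_service_specs() {
    cat <<'EOF'
kerberos:Kerberos:88/tcp,88/udp
kpasswd:kpasswd:464/tcp,464/udp
ldap:Lightweight Directory Access Protocol:389/tcp
ldaps:Lightweight Directory Access Protocol over SSL:636/tcp
EOF
}

# valid_port_spec PORT/PROTO: true only for a numeric port and tcp or udp.
valid_port_spec() {
    port=${1%/*}
    proto=${1#*/}
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# write_fw_service DIR NAME DESCRIPTION PORTS
# Writes DIR/NAME.xml in firewalld's service format. All port specs are
# validated first so a bad spec never leaves a half-written file behind.
# DESCRIPTION is not XML-escaped: keep it to plain ASCII text.
write_fw_service() {
    dir=$1
    name=$2
    desc=$3
    ports=$4
    oldifs=$IFS
    IFS=,
    set -- $ports          # split the comma-separated port list
    IFS=$oldifs
    for p in "$@"; do
        valid_port_spec "$p" || {
            echo "write_fw_service: bad port spec '$p' for $name" >&2
            return 1
        }
    done
    {
        printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
        printf '  <short>%s</short>\n  <description>%s</description>\n' "$name" "$desc"
        for p in "$@"; do
            printf '  <port protocol="%s" port="%s"/>\n' "${p#*/}" "${p%/*}"
        done
        printf '</service>\n'
    } > "$dir/$name.xml"
}

# install_ipa_services DIR: write every definition from ipa_service_specs.
install_ipa_services() {
    ipa_service_specs | while IFS=: read -r name desc ports; do
        write_fw_service "$1" "$name" "$desc" "$ports" || return 1
    done
}

# The services the thread enables in the public zone.
IPA_REQUIRED_SERVICES="dns http https kerberos kpasswd ldap ldaps ntp"

# missing_services "LIST": print each required service absent from LIST,
# where LIST is the space-separated output of
#   firewall-cmd --permanent --zone=public --list-services
missing_services() {
    for s in $IPA_REQUIRED_SERVICES; do
        case " $1 " in *" $s "*) ;; *) echo "$s" ;; esac
    done
}

# On a real host (as root), followed by the thread's firewall-cmd lines:
#   install_ipa_services /etc/firewalld/services && firewall-cmd --reload
#   missing_services "$(firewall-cmd --permanent --zone=public --list-services)"
```

Two practical notes. Current firewalld releases ship predefined `kerberos`, `kpasswd`, `ldap` and `ldaps` services, so check `firewall-cmd --get-services` before writing custom files; a custom file in `/etc/firewalld/services` overrides the packaged one of the same name. And, as the reply above says, mask the iptables unit (`systemctl mask iptables`) rather than merely disabling it, so the two rule sets never race each other at boot.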

