[Freeipa-users] Fedora Core IPTables or FirewallID?
Mark Heslin
mheslin at redhat.com
Tue Aug 26 14:37:35 UTC 2014
Chris,
My understanding is that firewalld "services" are where we're heading, but I'm not entirely
sure how much or how little of these are fully supported/available yet.
I've copied Thomas - he'll know :-)
-m
On 08/26/2014 10:26 AM, Chris Whittle wrote:
> Here is what I found that seems to work, from
> http://adam.younglogic.com/2013/04/firewall-d-for-freeipa/
>
> It only has to be run once...
>
> cat >/etc/firewalld/services/kerberos.xml <<EOD
> <?xml version="1.0" encoding="utf-8"?>
> <service>
> <short>kerberos</short>
> <description>Kerberos</description>
> <port protocol="tcp" port="88"/>
> <port protocol="udp" port="88"/>
> </service>
> EOD
>
> cat >/etc/firewalld/services/kpasswd.xml <<EOD
> <?xml version="1.0" encoding="utf-8"?>
> <service>
> <short>kpasswd</short>
> <description>kpasswd</description>
> <port protocol="tcp" port="464"/>
> <port protocol="udp" port="464"/>
> </service>
> EOD
>
> cat >/etc/firewalld/services/ldap.xml <<EOD
> <?xml version="1.0" encoding="utf-8"?>
> <service>
> <short>ldap</short>
> <description>Lightweight Directory Access Protocol</description>
> <port protocol="tcp" port="389"/>
> </service>
> EOD
>
> cat >/etc/firewalld/services/ldaps.xml <<EOD
> <?xml version="1.0" encoding="utf-8"?>
> <service>
> <short>ldaps</short>
> <description>Lightweight Directory Access Protocol over SSL</description>
> <port protocol="tcp" port="636"/>
> </service>
> EOD
>
> firewall-cmd --permanent --zone=public --add-service=dns
> firewall-cmd --permanent --zone=public --add-service=http
> firewall-cmd --permanent --zone=public --add-service=https
> firewall-cmd --permanent --zone=public --add-service=kerberos
> firewall-cmd --permanent --zone=public --add-service=kpasswd
> firewall-cmd --permanent --zone=public --add-service=ldap
> firewall-cmd --permanent --zone=public --add-service=ldaps
> firewall-cmd --permanent --zone=public --add-service=ntp
> firewall-cmd --reload
>
>
>
> On Tue, Aug 26, 2014 at 9:22 AM, Mark Heslin <mheslin at redhat.com> wrote:
>
> Hi Chris,
>
> Take a look at the attached snippet - it will walk you through configuring firewalld
> with named chains on RHEL 7. You don't have to use named chains, but it makes managing
> multiple chains cleaner. Do make sure you 'mask' iptables - only using 'disable' can still
> cause conflicts in some circumstances.
>
> This is extracted from the recently published reference architecture
> "Integrating OpenShift Enterprise with IdM in RHEL 7":
>
> https://access.redhat.com/articles/1155603 (The redhat.com links are not yet in place).
>
> The context here was for an IdM server, but I also used the same approach for the IdM
> replica and RHEL 7 clients.
>
> hth,
>
> -m
>
>
>
> On 08/25/2014 10:22 PM, Chris Whittle wrote:
>> I've got my server up and running great, with one exception: every
>> time I reboot I have to log in and flush the iptables or nothing
>> can connect.
>>
>> I've found a ton of fixes and none seem to work. I'm on FC20; does
>> anyone have experience with it and wouldn't mind helping?
--
Red Hat Reference Architectures
Follow Us: https://twitter.com/RedHatRefArch
Plus Us: https://plus.google.com/u/0/b/114152126783830728030/
Like Us: https://www.facebook.com/rhrefarch
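As an added example (not from the thread or from the linked article), the script below generalizes Chris's four heredocs into one function that writes a firewalld service definition, and adds a check that lists which of the IPA services from his firewall-cmd lines are still missing from a zone's permanent configuration. FIREWALLD_SERVICES_DIR and FW_LIST are assumed overrides so the script can be exercised without root or a running firewalld.

```shell
#!/bin/sh
# Assumed: FIREWALLD_SERVICES_DIR can be pointed at a scratch directory for testing.
FIREWALLD_SERVICES_DIR="${FIREWALLD_SERVICES_DIR:-/etc/firewalld/services}"

# write_fw_service NAME DESCRIPTION PORT/PROTO...
# Emits the same XML shape as the thread's heredocs, one <port/> per argument.
write_fw_service() {
    name=$1; desc=$2; shift 2
    out="$FIREWALLD_SERVICES_DIR/$name.xml"
    {
        printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
        printf '  <short>%s</short>\n  <description>%s</description>\n' "$name" "$desc"
        for p in "$@"; do
            # "88/udp" -> protocol "udp", port "88"
            printf '  <port protocol="%s" port="%s"/>\n' "${p#*/}" "${p%/*}"
        done
        printf '</service>\n'
    } > "$out"
}

# The four service definitions from the thread, port lists unchanged.
define_ipa_services() {
    write_fw_service kerberos "Kerberos" 88/tcp 88/udp
    write_fw_service kpasswd "kpasswd" 464/tcp 464/udp
    write_fw_service ldap "Lightweight Directory Access Protocol" 389/tcp
    write_fw_service ldaps "Lightweight Directory Access Protocol over SSL" 636/tcp
}

# Services the thread enables in the public zone.
IPA_SERVICES="dns http https kerberos kpasswd ldap ldaps ntp"

# missing_services ZONE: print, one per line, the IPA services not yet enabled
# in the zone's permanent config. FW_LIST (assumed, for offline use) replaces
# the firewall-cmd query when set.
missing_services() {
    zone=$1
    enabled=${FW_LIST:-$(firewall-cmd --permanent --zone="$zone" --list-services)}
    for s in $IPA_SERVICES; do
        case " $enabled " in
            *" $s "*) ;;
            *) echo "$s" ;;
        esac
    done
}
```

On a real host, run define_ipa_services once, then add each name printed by `missing_services public` with `firewall-cmd --permanent --zone=public --add-service=...` followed by `firewall-cmd --reload`, as in Chris's post.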