[Freeipa-users] Fedora Core IPTables or FirewallID?

Mark Heslin mheslin at redhat.com
Tue Aug 26 14:37:35 UTC 2014


Chris,

My understanding is that firewalld "services" are where we're heading but I'm not entirely sure how much or how little of these are fully supported/available yet.

I've copied Thomas - he'll know :-)

-m



On 08/26/2014 10:26 AM, Chris Whittle wrote:
> Here is what I found that seems to work from http://adam.younglogic.com/2013/04/firewall-d-for-freeipa/
>
> It only has to be run once...
>
> cat >/etc/firewalld/services/kerberos.xml <<EOD
> <?xml version="1.0" encoding="utf-8"?>
> <service>
>   <short>kerberos</short>
>   <description>Kerberos</description>
>   <port protocol="tcp" port="88"/>
>   <port protocol="udp" port="88"/>
> </service>
> EOD
>
>   cat >/etc/firewalld/services/kpasswd.xml <<EOD
> <?xml version="1.0" encoding="utf-8"?>
> <service>
>   <short>kpasswd</short>
>   <description>kpasswd</description>
>   <port protocol="tcp" port="464"/>
>   <port protocol="udp" port="464"/>
> </service>
> EOD
>
>   cat >/etc/firewalld/services/ldap.xml <<EOD
> <?xml version="1.0" encoding="utf-8"?>
> <service>
>   <short>ldap</short>
>   <description>Lightweight Directory Access Protocol</description>
>   <port protocol="tcp" port="389"/>
> </service>
> EOD
>
>   cat >/etc/firewalld/services/ldaps.xml <<EOD
> <?xml version="1.0" encoding="utf-8"?>
> <service>
>   <short>ldaps</short>
>   <description>Lightweight Directory Access Protocol over SSL</description>
>   <port protocol="tcp" port="636"/>
> </service>
> EOD
>
>   firewall-cmd --permanent --zone=public --add-service=dns
>   firewall-cmd --permanent --zone=public --add-service=http
>   firewall-cmd --permanent --zone=public --add-service=https
>   firewall-cmd --permanent --zone=public --add-service=kerberos
>   firewall-cmd --permanent --zone=public --add-service=kpasswd
>   firewall-cmd --permanent --zone=public --add-service=ldap
>   firewall-cmd --permanent --zone=public --add-service=ldaps
>   firewall-cmd --permanent --zone=public --add-service=ntp
>   firewall-cmd --reload
>
>
>
> On Tue, Aug 26, 2014 at 9:22 AM, Mark Heslin <mheslin at redhat.com> wrote:
>
>     Hi Chris,
>
>     Take a look at the attached snippet - it will walk you through configuring firewalld with named chains on RHEL 7. You don't have to use named chains but it makes managing multiple chains cleaner. Do make sure you 'mask' iptables - only using 'disable' can still cause conflicts in some circumstances.
>
>     This is extracted from the recently published reference architecture "Integrating OpenShift Enterprise with IdM in RHEL 7":
>
>     https://access.redhat.com/articles/1155603 (The redhat.com links are not yet in place).
>
>     The context here was for an IdM server but I also used the same approach for the IdM replica and RHEL 7 clients.
>
>     hth,
>
>     -m
>
>
>
>     On 08/25/2014 10:22 PM, Chris Whittle wrote:
>>     I've got my server up and running great with one exception: every time I reboot I have to log in and flush the iptables or nothing can connect.
>>
>>     I've found a ton of fixes and none seem to work. I'm on FC20; does anyone have experience with it and wouldn't mind helping?
>>
>>
>


-- 

Red Hat Reference Architectures

Follow Us: https://twitter.com/RedHatRefArch
Plus Us: https://plus.google.com/u/0/b/114152126783830728030/
Like Us: https://www.facebook.com/rhrefarch
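As an added example (not from the thread or from Adam Young's post), a small POSIX shell helper that generates service XML in the same shape the quoted script writes and checks a zone's `--list-services` output against the set of services that script enables, which is useful after a reboot to confirm the permanent rules actually came back. The service set and the sample `--list-services` line are assumptions; adjust them to your deployment.

```bash
#!/bin/sh
# Added example, not from the thread: generate firewalld service XML in the
# shape used above and verify that a zone exposes every service an IdM server
# needs. Runs offline; wire it to firewall-cmd on a real host as shown below.

# The services the script in the thread enables on the public zone.
# Assumed to be the full set for your deployment; adjust as needed.
IPA_SERVICES="dns http https kerberos kpasswd ldap ldaps ntp"

# Print a firewalld service definition for NAME with DESCRIPTION, opening
# each remaining argument given as PORT/PROTO (e.g. 88/tcp 88/udp).
ipa_service_xml() {
    name=$1; desc=$2; shift 2
    printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
    printf '  <short>%s</short>\n  <description>%s</description>\n' "$name" "$desc"
    for spec in "$@"; do
        port=${spec%/*}
        proto=${spec#*/}
        printf '  <port protocol="%s" port="%s"/>\n' "$proto" "$port"
    done
    printf '</service>\n'
}

# Read the output of `firewall-cmd --zone=public --list-services` on stdin,
# print each required service that is missing, and return 1 if any is missing.
# Run it after a reboot to catch a zone that did not keep its permanent rules.
missing_ipa_services() {
    active=" $(tr -s ' \n' '  ') "
    rc=0
    for svc in $IPA_SERVICES; do
        case "$active" in
            *" $svc "*) ;;
            *) echo "$svc"; rc=1 ;;
        esac
    done
    return $rc
}

# On a real host (not run here), for example:
#   ipa_service_xml kerberos Kerberos 88/tcp 88/udp > /etc/firewalld/services/kerberos.xml
#   firewall-cmd --permanent --zone=public --add-service=kerberos && firewall-cmd --reload
#   firewall-cmd --zone=public --list-services | missing_ipa_services && echo "all IdM services open"
```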
