[Freeipa-users] Fedora Core IPTables or FirewallID?
Arthur Fayzullin
arthur at deus.pro
Wed Aug 27 10:55:03 UTC 2014
I've got something like this:
$ sudo firewall-cmd --permanent --list-all
[sudo] password for afayzullin:
public (default)
interfaces:
sources:
services: dhcpv6-client dns http https kerberos kpasswd ldap ldaps ntp ssh
ports: 7389/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
26.08.2014 20:37, Mark Heslin wrote:
> Chris,
>
> My understanding is that firewalld "services" are where we're heading
> but I'm not entirely
> sure how much or how little of these are fully supported/available yet.
>
> I've copied Thomas - he'll know :-)
>
> -m
>
>
>
> On 08/26/2014 10:26 AM, Chris Whittle wrote:
>> Here is what I found that seems to work from
>> http://adam.younglogic.com/2013/04/firewall-d-for-freeipa/
>>
>> It only has to be ran once...
>>
>> cat >/etc/firewalld/services/kerberos.xml <<EOD
>> <?xml version="1.0" encoding="utf-8"?>
>> <service>
>> <short>kerberos</short>
>> <description>Kerberos</description>
>> <port protocol="tcp" port="88"/>
>> <port protocol="udp" port="88"/>
>> </service>
>> EOD
>>
>> cat >/etc/firewalld/services/kpasswd.xml <<EOD
>> <?xml version="1.0" encoding="utf-8"?>
>> <service>
>> <short>kpasswd</short>
>> <description>kpasswd</description>
>> <port protocol="tcp" port="464"/>
>> <port protocol="udp" port="464"/>
>> </service>
>> EOD
>>
>> cat >/etc/firewalld/services/ldap.xml <<EOD
>> <?xml version="1.0" encoding="utf-8"?>
>> <service>
>> <short>ldap</short>
>> <description>Lightweight Directory Access Protocol</description>
>> <port protocol="tcp" port="389"/>
>> </service>
>> EOD
>>
>> cat >/etc/firewalld/services/ldaps.xml <<EOD
>> <?xml version="1.0" encoding="utf-8"?>
>> <service>
>> <short>ldaps</short>
>> <description>Lightweight Directory Access Protocol over SSL</description>
>> <port protocol="tcp" port="636"/>
>> </service>
>> EOD
>>
>> firewall-cmd --permanent --zone=public --add-service=dns
>> firewall-cmd --permanent --zone=public --add-service=http
>> firewall-cmd --permanent --zone=public --add-service=https
>> firewall-cmd --permanent --zone=public --add-service=kerberos
>> firewall-cmd --permanent --zone=public --add-service=kpasswd
>> firewall-cmd --permanent --zone=public --add-service=ldap
>> firewall-cmd --permanent --zone=public --add-service=ldaps
>> firewall-cmd --permanent --zone=public --add-service=ntp
>> firewall-cmd --reload
>>
>>
>>
>> On Tue, Aug 26, 2014 at 9:22 AM, Mark Heslin <mheslin at redhat.com> wrote:
>>
>> Hi Chris,
>>
>> Take a look at the attached snippet - it will walk you through
>> configuring firewalld
>> with named chains on RHEL 7. You don't have to use named chains
>> but makes managing
>> multiple chains cleaner. Do make sure you 'mask' iptables - only
>> using 'disable' can still cause
>> conflicts in some circumstances.
>>
>> This is extracted from the recently published reference
>> architecture "Integrating OpenShift Enterprise
>> with IdM in RHEL 7":
>>
>> https://access.redhat.com/articles/1155603 (The redhat.com links are not yet in place).
>>
>> The context here was for an IdM server but I also used the same
>> approach for the IdM replica
>> and RHEL 7 clients.
>>
>> hth,
>>
>> -m
>>
>>
>>
>> On 08/25/2014 10:22 PM, Chris Whittle wrote:
>>> I've got my server up and running great with one exception every
>>> time I reboot I have to login and flush the iptables or nothing
>>> can connect.
>>>
>>> I've found a ton of fixes and none seem to work, I'm on FC20
>>> does anyone have experience with it and wouldn't mind helping?
>>>
>>>
>>
>>
>> --
>>
>> Red Hat Reference Architectures
>>
>> Follow Us: https://twitter.com/RedHatRefArch
>> Plus Us: https://plus.google.com/u/0/b/114152126783830728030/
>> Like Us: https://www.facebook.com/rhrefarch
>>
>>
>
>
--
Regards, Arthur Fayzullin
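As an added check (not code from this thread, from FreeIPA or from firewalld): a small Python script that reads service XML definitions shaped like the ones in the quoted script together with the `firewall-cmd --permanent --list-all` output at the top of this message, and reports which ports an IPA server needs that the zone still leaves closed. The dns/http/https/ntp definitions, the REQUIRED port set and the embedded listing are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# kerberos/kpasswd/ldap/ldaps mirror the XML files in the quoted script;
# dns/http/https/ntp are constructed stand-ins for firewalld's built-in files.
SERVICE_XML = {
    "kerberos": '<service><port protocol="tcp" port="88"/><port protocol="udp" port="88"/></service>',
    "kpasswd": '<service><port protocol="tcp" port="464"/><port protocol="udp" port="464"/></service>',
    "ldap": '<service><port protocol="tcp" port="389"/></service>',
    "ldaps": '<service><port protocol="tcp" port="636"/></service>',
    "dns": '<service><port protocol="tcp" port="53"/><port protocol="udp" port="53"/></service>',
    "http": '<service><port protocol="tcp" port="80"/></service>',
    "https": '<service><port protocol="tcp" port="443"/></service>',
    "ntp": '<service><port protocol="udp" port="123"/></service>',
}

# (protocol, port) pairs the IPA server must accept (constructed): the four
# custom services, the built-ins the script enables, and 7389/tcp from the listing.
REQUIRED = {("tcp", "88"), ("udp", "88"), ("tcp", "464"), ("udp", "464"),
            ("tcp", "389"), ("tcp", "636"), ("tcp", "53"), ("udp", "53"),
            ("tcp", "80"), ("tcp", "443"), ("udp", "123"), ("tcp", "7389")}

# Constructed, abridged copy of the `firewall-cmd --permanent --list-all` output above.
LIST_ALL = """public (default)
  services: dhcpv6-client dns http https kerberos kpasswd ldap ldaps ntp ssh
  ports: 7389/tcp
"""

def service_ports(xml_text):
    """(protocol, port) pairs that one firewalld service XML opens."""
    return {(p.get("protocol"), p.get("port"))
            for p in ET.fromstring(xml_text).iter("port")}

def parse_list_all(text):
    """Enabled service names and explicit ports from --list-all output."""
    services, ports = set(), set()
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        if key == "services":
            services.update(value.split())
        elif key == "ports":  # "7389/tcp" -> ("tcp", "7389")
            ports.update(tuple(reversed(p.split("/", 1))) for p in value.split())
    return services, ports

def missing_ports(list_all_text, service_defs=SERVICE_XML, required=REQUIRED):
    """Required ports the zone leaves closed (unknown services open nothing)."""
    services, opened = parse_list_all(list_all_text)
    for name in services:
        opened |= service_ports(service_defs.get(name, "<service/>"))
    return required - opened
```

An empty result means every required port is reachable through either an enabled service or an explicit port entry; anything returned is what still needs a `--add-service` or `--add-port` before `firewall-cmd --reload`.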