[libvirt] [PATCH v2 4/7] configure: selectively install a firewalld 'libvirt' zone

Laine Stump laine at laine.org
Fri Feb 1 13:49:34 UTC 2019


On 2/1/19 8:28 AM, Eric Garver wrote:
> On Thu, Jan 31, 2019 at 10:10:43PM -0500, Laine Stump wrote:
>> On 1/31/19 8:24 PM, Laine Stump wrote:
>>> Changes from V1:
>>> [...]
>>> * make the <reject/> rule's priority 32767 instead of 127.
>>> [...]
>>> +
>>> +<rule priority='32767'>
>>> +  <reject/>
>>> +</rule>
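Review bot: The priority='32767' on the catch-all <reject/> rule has no comment explaining why that value was chosen or which firewalld builds accept it. As reported in this thread, on a build where the priority limit is still 127 the rule appears to be ignored, so traffic the zone does not allow (ssh to port 222 in the report) gets through. Suggest adding an XML comment beside the rule stating the priority range it depends on, and having the configure step that decides whether to install the zone also confirm that the installed firewalld accepts this priority, falling back to 127 or skipping the zone otherwise.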
>>
>> I found out after sending this that when I make the priority of the reject
>> rule 32767 instead of 127, it's apparently ignored (in my example, I was
>> able to ssh to port 222 of the host even though the zone doesn't allow
>> that).
>>
>>
>> Eric, any idea why this might be happening?
> What build are you testing against? At one point the limit was 127, but
> I increased it before pushing it upstream. You can check the firewalld
> logs - there may be an error reporting the above priority is out of
> range.
>
Ah, maybe you haven't backported that change to RHEL? I was testing on 
my RHEL8 beta system. If that's the case, then either we need that 
change backported to RHEL too, or I need to change the priority back to 127.



