Originally Posted by dpu
I'm playing with the RHEL7 RC (I know the RHEL7 GA is there, but CentOS 7 is not) and I'm coming across some problems with firewalld.
I wanted to install the HAProxy package and set up the firewall configuration. But there is no HAProxy/firewalld configuration, I had to create it myself!
Right...including a base configuration would tell everyone who had RHEL7 what is done for everyone else, and expose vulnerabilities. By making you create a configuration, the system winds up being more secure.
In addition, I discovered that all the firewalld service configurations are in the firewalld package (they are stored in /usr/lib/firewalld/services) and not in each package: the HAProxy package should contain its own firewalld configuration but this is not the case! Finally, there seems to be no SELinux contexts associated with these firewalld service configurations. I have no idea how this behaves in case of SELinux relabel! This is pretty strange!
Has anybody got some clue about this?
Yes, Red Hat does. Did you check their knowledgebase?
Since you're using RHEL, you're also paying for support; have you contacted them with your questions, or read the release notes on RHEL7? As JohnVV said, it's only a release candidate, but given what they did (and why), it's a good thing. Should make things better, I think, except for people who just want to get a 'certification', since they sample test/questions won't match for a good while.