01-23-2013, 10:33 PM   #1
Registered: Oct 2003
Location: Ohio
Distribution: Fedora 25, 26, RHL 5.2
Posts: 560

Rep: Reputation: 56
Permanent Configuration for firewalld

I have two separate issues that I have not been able to figure out with the change from iptables to firewalld. Since firewalld is lightly documented, the solutions are avoiding me.

1) I use openvpn to access my server from the internet. In iptables tun0 was a trusted interface to allow access to services and data. The command
firewall-cmd --zone=trusted --add-interface=tun0
allows me to open it up temporarily, but after a restart I would have to enter this command again. I tried
firewall-cmd --permanent --zone=trusted --add-interface=tun0
but it exited the program and showed the man page. I have opened a bug on this, but was hoping someone may have run into it already.

2) I need to set up the nf_conntrack_netbios_ns and ip_nat_ftp helper modules in firewalld to allow ftp connections to external systems from other computers on my LAN. It looks like this is done using a firewalld service configuration file (see man firewalld.service). I will be working through this, but would like to hear from anyone that has set this up. Thanks!

01-24-2013, 10:01 AM   #2
Original Poster
One of the developers of firewalld replied back to the bug I opened for not being able to make a permanent entry for tun0. He thought it might be configurable from within NetworkManager or /etc/sysconfig/network-scripts, but since this interface is created dynamically by openvpn, it does not show up. He also suggested that I could make my default zone trusted and assign other zones to the other interfaces. I felt this could unintentionally open a hole further down the road.

I did come up with a workaround of my own. By making an ExecStartPost entry in /lib/systemd/system/openvpn@xxxxxx.service for the first firewall-cmd above, I don't have to worry about executing the command manually after a restart.
2 members found this post helpful.
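
The workaround from post #2, written as a drop-in under /etc/systemd/system instead of an edit to the packaged unit in /lib/systemd/system, which a package update can overwrite. This is an added example, not code from the thread or from the firewalld project. It assumes a systemd version that reads .service.d drop-in directories and firewall-cmd installed at /usr/bin/firewall-cmd; the function names, the drop-in file name, the ExecStopPost cleanup line and the instance name "example" are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): generate a systemd drop-in that puts the
# VPN interface into a firewalld zone each time the openvpn@ instance starts.
# Assumptions: drop-in directories are supported and firewall-cmd lives at
# /usr/bin/firewall-cmd; function and file names here are illustrative.

# is_safe_name VALUE MAXLEN: accept only [A-Za-z0-9_.-], 1..MAXLEN characters,
# so nothing passed in can add extra arguments or lines to the unit file.
is_safe_name() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le "$2" ]
}

# write_vpn_zone_dropin UNIT_DIR INSTANCE IFACE ZONE
# Prints the path of the drop-in it wrote; returns non-zero on bad input.
write_vpn_zone_dropin() {
    unit_dir=$1 instance=$2 iface=$3 zone=$4
    is_safe_name "$instance" 64 || { echo "bad instance name" >&2; return 1; }
    # Linux interface names are at most 15 characters (IFNAMSIZ - 1).
    is_safe_name "$iface" 15 || { echo "bad interface name" >&2; return 1; }
    is_safe_name "$zone" 64 || { echo "bad zone name" >&2; return 1; }

    dropin_dir="$unit_dir/openvpn@$instance.service.d"
    mkdir -p "$dropin_dir" || return 1
    cat > "$dropin_dir/firewalld-zone.conf" <<EOF || return 1
[Service]
# Same runtime command as in the post, with the binary's absolute path.
ExecStartPost=/usr/bin/firewall-cmd --zone=$zone --add-interface=$iface
# Added here, not in the post: release the binding when the tunnel stops.
# The leading "-" tells systemd to ignore a failure of this command.
ExecStopPost=-/usr/bin/firewall-cmd --zone=$zone --remove-interface=$iface
EOF
    printf '%s\n' "$dropin_dir/firewalld-zone.conf"
}

# Demo in a scratch directory (constructed values); on a real host UNIT_DIR
# would be /etc/systemd/system, followed by "systemctl daemon-reload".
demo_dir=$(mktemp -d) &&
    cat "$(write_vpn_zone_dropin "$demo_dir" example tun0 trusted)" &&
    rm -rf "$demo_dir"
```

After writing the file under /etc/systemd/system, run systemctl daemon-reload and restart the instance; firewall-cmd --get-zone-of-interface=tun0 then reports the zone. The trusted zone accepts all connections arriving on tun0, so a custom zone listing only the needed services is the narrower option.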


