LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Fedora
User Name
Password
Fedora This forum is for the discussion of the Fedora Project.

Notices


Reply
  Search this Thread
Old 01-23-2013, 09:33 PM   #1
wmakowski
Member
 
Registered: Oct 2003
Location: Ohio
Distribution: Fedora 25, 26, RHL 5.2
Posts: 560

Rep: Reputation: 56
Permanent Configuration for firewalld


I have two separate issues that I have not been able to figure out with the change from iptables to firewalld. Since firewalld is lightly documented the solutions are avoiding me.

1) I use openvpn to access my server from the internet. In iptables tun0 was a trusted interface to allow access to services and data. The command
Code:
firewall-cmd --zone=trusted --add-interface=tun0
allows me to open it up temporarily, but after a restart I would have to enter this command again. I tried
Code:
firewall-cmd --permanent --zone=trusted --add-interface=tun0
but it exited the program and showed the man page. I have opened a bug on this, but was hoping someone may have run into it already.

2) I need to set up the nf_conntrack_netbios_ns and ip_nat_ftp helper modules in firewalld to allow ftp connections to external systems from other computers on my LAN. It looks like this is done using a firewalld service configuration file (see man firewalld.service). I will be working through this, but would like to hear from anyone that has set this up. Thanks!

Bill
 
Old 01-24-2013, 09:01 AM   #2
wmakowski
Member
 
Registered: Oct 2003
Location: Ohio
Distribution: Fedora 25, 26, RHL 5.2
Posts: 560

Original Poster
Rep: Reputation: 56
One of the developers of firewalld replied back to the Bug I opened for not being able to make a permanent entry for tun0. He thought it might be configurable from within NetworkManager or /etc/sysconfig/network-scripts, but since this interface is created dynamically by openvpn it does not show up. He also suggested that I could make my default zone trusted and assign other zones to the other interfaces. I felt this could unintentionally open a hole further down the road.

I did come up with a workaround of my own. By making an ExecStartPost entry in /lib/systemd/system/openvpn@xxxxxx.service for the first firewall-cmd above, I don't have to worry about executing the command manually after a restart.
 
2 members found this post helpful.
  


Reply

Tags
firewalld


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Fedora 18 and Firewalld LXer Syndicated Linux News 0 09-20-2012 05:50 AM
[SOLVED] firewalld status? (Fedora gurus might know this) serafean Linux - Software 3 12-07-2011 02:02 AM
LFS keyboard permanent configuration aloisius-a Linux From Scratch 2 06-06-2010 04:35 AM
Permanent mount on raw devices configuration sreenivas261283 Linux - Software 2 04-07-2009 02:37 AM
iptable configuration with guarddog permanent regardless wm? jasone Linux - General 2 04-21-2005 05:28 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Fedora

All times are GMT -5. The time now is 09:18 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration