06-15-2014, 05:54 PM
|
#1
|
LQ Newbie
Registered: May 2014
Posts: 8
Rep:
|
RHEL7 firewalld.
I'm playing with the RHEL7 RC (I know the RHEL7 GA is there, but CentOS 7 is not) and I'm coming across some problems with firewalld.
I wanted to install the HAProxy package and set up the firewall configuration.
But there is no HAProxy/firewalld configuration, I had to create it myself!
In addition, I discovered that all the firewalld service configurations are in the firewalld package (they are stored in /usr/lib/firewalld/services) and not in each package: the HAProxy package should contain its own firewalld configuration but this is not the case!
Finally, there seems to be no SELinux contexts associated with these firewalld service configurations.
I have no idea how this behaves in case of SELinux relabel!
This is pretty strange!
Has anybody got some clue about this?
|
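Added example, not part of any poster's message: a script that builds a service definition like the one the original poster describes creating by hand, and installs it in /etc/firewalld/services, the administrator directory, rather than in /usr/lib/firewalld/services. The service name haproxy and the 80/tcp and 443/tcp frontends are assumptions; the thread does not give them.

```shell
#!/bin/sh
# Added example. Assumptions: service name "haproxy", frontends on 80/tcp and 443/tcp.

# valid_port_spec SPEC: succeed only for PORT/tcp or PORT/udp with 1 <= PORT <= 65535.
valid_port_spec() {
    case $1 in */tcp|*/udp) ;; *) return 1 ;; esac
    p=${1%/*}
    case $p in ''|*[!0-9]*|0*|??????*) return 1 ;; esac   # digits, no leading 0, <= 5 long
    [ "$p" -le 65535 ]
}

# make_service_xml NAME PORT/PROTO...: print a firewalld service definition.
make_service_xml() (
    name=$1; shift
    case $name in ''|*[!a-z0-9-]*) echo "invalid service name" >&2; exit 1 ;; esac
    for spec in "$@"; do   # validate everything before emitting any XML
        valid_port_spec "$spec" || { echo "invalid port spec: $spec" >&2; exit 1; }
    done
    printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
    printf '  <short>%s</short>\n' "$name"
    printf '  <description>Ports for %s (constructed example)</description>\n' "$name"
    for spec in "$@"; do
        printf '  <port protocol="%s" port="%s"/>\n' "${spec#*/}" "${spec%/*}"
    done
    printf '</service>\n'
)

# install_service DIR NAME PORT/PROTO...: write DIR/NAME.xml via a temp file, mode 0644.
install_service() (
    dir=$1 name=$2; shift 2
    tmp=$(mktemp "$dir/.svc.XXXXXX") || exit 1
    if make_service_xml "$name" "$@" >"$tmp"; then
        chmod 0644 "$tmp" && mv "$tmp" "$dir/$name.xml"
    else
        rm -f "$tmp"; exit 1
    fi
)

if [ "${1:-}" = "--apply" ]; then   # run as root on the firewalld host
    f=/etc/firewalld/services/haproxy.xml
    install_service /etc/firewalld/services haproxy 80/tcp 443/tcp || exit 1
    # Labels come from the policy's path rules, not from the RPM that ships a file;
    # restorecon applies the same rule a full relabel would.
    restorecon -v "$f" && ls -Z "$f"
    firewall-cmd --reload                          # load the new service definition
    firewall-cmd --permanent --add-service=haproxy # default zone, permanent config
    firewall-cmd --reload
else
    make_service_xml haproxy 80/tcp 443/tcp        # preview only, changes nothing
fi
```

Without arguments the script only prints the XML; `--apply` writes the file and changes the firewall.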
|
|
06-15-2014, 05:58 PM
|
#2
|
LQ Muse
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,647
|
Well, RHEL7 is so new that packages are not yet built.
Build from source and use rpmbuild to make an RPM.
Quote:
Finally, there seems to be no SELinux contexts associated with these firewalld service configurations.
|
then as NORMAL
use "audit2allow" to make a rule
Last edited by John VV; 06-15-2014 at 05:59 PM.
|
|
|
06-15-2014, 06:04 PM
|
#3
|
LQ Newbie
Registered: May 2014
Posts: 8
Original Poster
Rep:
|
It's not only a practical problem, things don't seem to be correctly organized.
|
|
|
06-15-2014, 07:08 PM
|
#4
|
LQ Muse
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,647
|
Well, it is a "release candidate" (RC) after all.
Quote:
things don't seem to be correctly organized.
|
As in...
how is it "not organized"?
|
|
|
06-19-2014, 05:48 AM
|
#5
|
LQ Newbie
Registered: Jun 2014
Posts: 13
Rep:
|
Maybe not what you're looking for but you can easily go back to iptables as follows:
yum install iptables-services
systemctl mask firewalld
systemctl enable iptables
systemctl enable ip6tables
systemctl stop firewalld
systemctl start iptables
systemctl start ip6tables
|
|
|
06-23-2014, 10:12 AM
|
#6
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,334
|
Quote:
Originally Posted by dpu
I'm playing with the RHEL7 RC (I know the RHEL7 GA is there, but CentOS 7 is not) and I'm coming across some problems with firewalld.
I wanted to install the HAProxy package and set up the firewall configuration. But there is no HAProxy/firewalld configuration, I had to create it myself!
|
Right...including a base configuration would tell everyone who had RHEL7 what is done for everyone else, and expose vulnerabilities. By making you create a configuration, the system winds up being more secure.
Quote:
In addition, I discovered that all the firewalld service configurations are in the firewalld package (they are stored in /usr/lib/firewalld/services) and not in each package: the HAProxy package should contain its own firewalld configuration but this is not the case! Finally, there seems to be no SELinux contexts associated with these firewalld service configurations. I have no idea how this behaves in case of SELinux relabel! This is pretty strange!
Has anybody got some clue about this?
|
Yes, Red Hat does. Did you check their knowledgebase?
http://rhelblog.redhat.com/2014/01/2...ment/#more-150
https://access.redhat.com/site/sites...,d.cWc&cad=rja
https://access.redhat.com/site/node/...y_Threats.html
Since you're using RHEL, you're also paying for support; have you contacted them with your questions, or read the release notes on RHEL7? As JohnVV said, it's only a release candidate, but given what they did (and why), it's a good thing. Should make things better, I think, except for people who just want to get a 'certification', since the sample test/questions won't match for a good while.
|
|
|
All times are GMT -5. The time now is 07:02 AM.