Chris,
My understanding is that firewalld "services" are where we're heading but I'm not entirely sure how much or how little of these are fully supported/available yet.
I've copied Thomas - he'll know :-)
-m
On 08/26/2014 10:26 AM, Chris Whittle wrote:
Here is what I found that seems to work from http://adam.younglogic.com/2013/04/firewall-d-for-freeipa/
It only has to be run once...
cat >/etc/firewalld/services/kerberos.xml <<EOD
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>kerberos</short>
<description>Kerberos</description>
<port protocol="tcp" port="88"/>
<port protocol="udp" port="88"/>
</service>
EOD
cat >/etc/firewalld/services/kpasswd.xml <<EOD
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>kpasswd</short>
<description>kpasswd</description>
<port protocol="tcp" port="464"/>
<port protocol="udp" port="464"/>
</service>
EOD
cat >/etc/firewalld/services/ldap.xml <<EOD
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>ldap</short>
<description>Lightweight Directory Access Protocol</description>
<port protocol="tcp" port="389"/>
</service>
EOD
cat >/etc/firewalld/services/ldaps.xml <<EOD
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>ldaps</short>
<description>Lightweight Directory Access Protocol over SSL</description>
<port protocol="tcp" port="636"/>
</service>
EOD
firewall-cmd --permanent --zone=public --add-service=dns
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-service=kerberos
firewall-cmd --permanent --zone=public --add-service=kpasswd
firewall-cmd --permanent --zone=public --add-service=ldap
firewall-cmd --permanent --zone=public --add-service=ldaps
firewall-cmd --permanent --zone=public --add-service=ntp
firewall-cmd --reload
On Tue, Aug 26, 2014 at 9:22 AM, Mark Heslin <[email protected]> wrote:
Hi Chris,
Take a look at the attached snippet - it will walk you through configuring firewalld with named chains on RHEL 7. You don't have to use named chains but it makes managing multiple chains cleaner. Do make sure you 'mask' iptables - only using 'disable' can still cause conflicts in some circumstances.
This is extracted from the recently published reference architecture "Integrating OpenShift Enterprise with IdM in RHEL 7": https://access.redhat.com/articles/1155603 (The redhat.com links are not yet in place).
The context here was for an IdM server but I also used the same approach for the IdM replica and RHEL 7 clients.
hth,
-m
On 08/25/2014 10:22 PM, Chris Whittle wrote:
I've got my server up and running great, with one exception: every time I reboot I have to log in and flush the iptables or nothing can connect.
I've found a ton of fixes and none seem to work. I'm on FC20; does anyone have experience with it and wouldn't mind helping?
--
Red Hat Reference Architectures
Follow Us: https://twitter.com/RedHatRefArch
Plus Us: https://plus.google.com/u/0/b/114152126783830728030/
Like Us: https://www.facebook.com/rhrefarch
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
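The four hand-written heredocs in Chris's message all follow one pattern, so here is an added example (not from the thread or from FreeIPA/firewalld) that generates the same service files from a name, a description and a list of PROTO/PORT pairs, checks that a port is declared, and opens the services in a zone only where firewall-cmd is installed. FIREWALLD_SERVICES_DIR, ZONE and the function names are this example's own assumptions; later firewalld releases ship kerberos, kpasswd, ldap and ldaps built in, so run firewall-cmd --get-services first and only define what is missing.

```shell
#!/bin/bash
# Added example, not from the original thread. Generates firewalld service
# definitions in the same XML shape as the heredocs above and applies them.
# FIREWALLD_SERVICES_DIR and ZONE are assumed names (override via environment).
set -eu

FIREWALLD_SERVICES_DIR="${FIREWALLD_SERVICES_DIR:-/etc/firewalld/services}"
ZONE="${ZONE:-public}"

# write_fw_service NAME "DESCRIPTION" PROTO/PORT...
# Writes NAME.xml; NAME and DESCRIPTION must be plain text (no XML metacharacters).
write_fw_service() {
    local name="$1" desc="$2"; shift 2
    local out="$FIREWALLD_SERVICES_DIR/$name.xml"
    {
        printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
        printf '  <short>%s</short>\n  <description>%s</description>\n' "$name" "$desc"
        local spec
        for spec in "$@"; do
            # "tcp/88" -> protocol=tcp port=88
            printf '  <port protocol="%s" port="%s"/>\n' "${spec%%/*}" "${spec#*/}"
        done
        printf '</service>\n'
    } > "$out"
    echo "$out"
}

# service_has_port FILE PROTO PORT: exit 0 if FILE declares that port.
service_has_port() {
    grep -q "<port protocol=\"$2\" port=\"$3\"/>" "$1"
}

# The four definitions from the thread (Kerberos, kpasswd, LDAP, LDAPS).
write_ipa_services() {
    write_fw_service kerberos "Kerberos" tcp/88 udp/88
    write_fw_service kpasswd  "kpasswd"  tcp/464 udp/464
    write_fw_service ldap     "Lightweight Directory Access Protocol" tcp/389
    write_fw_service ldaps    "Lightweight Directory Access Protocol over SSL" tcp/636
}

# Open the services permanently in ZONE and reload; refuses to run without firewall-cmd.
apply_ipa_services() {
    command -v firewall-cmd >/dev/null || { echo "firewall-cmd not found" >&2; return 1; }
    local svc
    for svc in dns http https kerberos kpasswd ldap ldaps ntp; do
        firewall-cmd --permanent --zone="$ZONE" --add-service="$svc"
    done
    firewall-cmd --reload
}
```

Run write_ipa_services as root, then apply_ipa_services; firewall-cmd --list-services --zone=public should then show all eight services.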