Chris,

My understanding is that firewalld "services" are where we're heading but I'm not entirely
sure how much or how little of these are fully supported/available yet.

I've copied Thomas - he'll know :-)

-m



On 08/26/2014 10:26 AM, Chris Whittle wrote:
Here is what I found that seems to work from http://adam.younglogic.com/2013/04/firewall-d-for-freeipa/

It only has to be run once...

cat >/etc/firewalld/services/kerberos.xml <<EOD
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>kerberos</short>
  <description>Kerberos</description>
  <port protocol="tcp" port="88"/>
  <port protocol="udp" port="88"/>
</service>
EOD

cat >/etc/firewalld/services/kpasswd.xml <<EOD
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>kpasswd</short>
  <description>kpasswd</description>
  <port protocol="tcp" port="464"/>
  <port protocol="udp" port="464"/>
</service>
EOD

cat >/etc/firewalld/services/ldap.xml <<EOD
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>ldap</short>
  <description>Lightweight Directory Access Protocol</description>
  <port protocol="tcp" port="389"/>
</service>
EOD

cat >/etc/firewalld/services/ldaps.xml <<EOD
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>ldaps</short>
  <description>Lightweight Directory Access Protocol over SSL</description>
  <port protocol="tcp" port="636"/>
</service>
EOD

firewall-cmd --permanent --zone=public --add-service=dns
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-service=kerberos
firewall-cmd --permanent --zone=public --add-service=kpasswd
firewall-cmd --permanent --zone=public --add-service=ldap
firewall-cmd --permanent --zone=public --add-service=ldaps
firewall-cmd --permanent --zone=public --add-service=ntp
firewall-cmd --reload



On Tue, Aug 26, 2014 at 9:22 AM, Mark Heslin <mhes...@redhat.com> wrote:

    Hi Chris,

    Take a look at the attached snippet - it will walk you through configuring
    firewalld with named chains on RHEL 7. You don't have to use named chains,
    but it makes managing multiple chains cleaner. Do make sure you 'mask'
    iptables - only using 'disable' can still cause conflicts in some
    circumstances.

    This is extracted from the recently published reference architecture
    "Integrating OpenShift Enterprise with IdM in RHEL 7":

    https://access.redhat.com/articles/1155603 (The redhat.com links are not
    yet in place).

    The context here was for an IdM server, but I also used the same approach
    for the IdM replica and RHEL 7 clients.

    hth,

    -m



    On 08/25/2014 10:22 PM, Chris Whittle wrote:
    I've got my server up and running great, with one exception: every
    time I reboot, I have to log in and flush the iptables or nothing
    can connect.

    I've found a ton of fixes and none seem to work. I'm on FC20; does
    anyone have experience with it and wouldn't mind helping?




--
    Red Hat Reference Architectures

    Follow Us:https://twitter.com/RedHatRefArch
    Plus Us:https://plus.google.com/u/0/b/114152126783830728030/
    Like Us:https://www.facebook.com/rhrefarch





-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
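The steps Chris posted (write firewalld service files for the FreeIPA ports, add the services to a zone, reload) plus the check Mark asks for (iptables masked) as one idempotent script. This is an added example, not code from the thread or from FreeIPA; it assumes firewall-cmd and systemctl are on the PATH, that firewalld only notices new service files after a reload, and that SERVICES_DIR points at /etc/firewalld/services unless overridden.

```shell
#!/bin/sh
# Added example: generate and apply firewalld service definitions for a FreeIPA
# server. Not from the original thread. Assumes firewall-cmd/systemctl exist.
SERVICES_DIR="${SERVICES_DIR:-/etc/firewalld/services}"

# fw_service_xml NAME DESCRIPTION PORT/PROTO... -> prints a firewalld service file
fw_service_xml() {
    name=$1; desc=$2; shift 2
    printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
    printf '  <short>%s</short>\n  <description>%s</description>\n' "$name" "$desc"
    for spec in "$@"; do
        port=${spec%/*}; proto=${spec#*/}          # "88/udp" -> 88, udp
        printf '  <port protocol="%s" port="%s"/>\n' "$proto" "$port"
    done
    printf '</service>\n'
}

# fw_write_service NAME DESCRIPTION PORT/PROTO... -> writes NAME.xml, but never
# overwrites a definition that already exists (packaged or hand-edited)
fw_write_service() {
    f="$SERVICES_DIR/$1.xml"
    [ -e "$f" ] && { echo "keeping existing $f" >&2; return 0; }
    fw_service_xml "$@" > "$f"
}

# fw_iptables_masked -> 0 only if iptables.service is masked, not merely disabled
fw_iptables_masked() {
    [ "$(systemctl is-enabled iptables.service 2>/dev/null)" = "masked" ]
}

# fw_apply [ZONE] -> write the four custom services, open the zone, verify
fw_apply() {
    zone=${1:-public}
    fw_iptables_masked || echo "warning: iptables.service is not masked" >&2
    fw_write_service kerberos "Kerberos" 88/tcp 88/udp
    fw_write_service kpasswd "kpasswd" 464/tcp 464/udp
    fw_write_service ldap "Lightweight Directory Access Protocol" 389/tcp
    fw_write_service ldaps "Lightweight Directory Access Protocol over SSL" 636/tcp
    firewall-cmd --reload                          # pick up the new service files
    for s in dns http https kerberos kpasswd ldap ldaps ntp; do
        firewall-cmd --permanent --zone="$zone" --add-service="$s" || return 1
    done
    firewall-cmd --reload
    active=$(firewall-cmd --zone="$zone" --list-services)   # runtime state
    for s in kerberos kpasswd ldap ldaps; do
        case " $active " in *" $s "*) ;; *) echo "missing: $s" >&2; return 1;; esac
    done
}

# Run as: sh fw-ipa.sh apply [zone]   (no argument only defines the functions)
if [ "${1-}" = apply ]; then fw_apply "${2-}"; fi
```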
