Fedora Linux Support Community & Resources Center
  #1  
Old 11th April 2012, 06:18 AM
Doug G Offline
Registered User
 
Join Date: Jul 2005
Posts: 640
How to open a port in firewalld

Well, I just installed f17 rc3 on a kvm machine, install went well. I am connecting via SSH (no gui) and for the life of me I can't figure out how to open a port in firewalld using firewall-cmd.

I tried: firewall-cmd --add --zone=public --port=5911:tcp but get back the helpful message "need more than 1 value to unpack"

I know firewalld is active, if I use systemctl stop firewalld.service I can connect fine to the port in question.

Is there any decent documentation anywhere on firewall-cmd? The man page is, shall we say, content-challenged.
__________________
======
Doug G
======
  #2  
Old 11th April 2012, 06:27 AM
DBelton Offline
Administrator
 
Join Date: Aug 2009
Posts: 7,318
Re: How to open a port in firewalld

try

firewall-cmd --enable --port=5911:tcp
  #3  
Old 11th April 2012, 06:40 AM
Doug G Offline
Registered User
 
Join Date: Jul 2005
Posts: 640
Re: How to open a port in firewalld

After some more fiddling, this syntax seemed to work:

Code:
firewall-cmd --zone=public --add --port=5911/tcp
But this doesn't persist between reboots, I had to re-issue the above to re-open the port after a reboot of the vm. How does one permanently open a port?

Oh, thanks DBelton, I didn't see your answer until I submitted this
__________________
======
Doug G
======

Last edited by Doug G; 11th April 2012 at 06:42 AM.
  #4  
Old 13th May 2012, 06:54 PM
raviprak Offline
Registered User
 
Join Date: May 2012
Location: NONEURBIZ
Posts: 1
Re: How to open a port in firewalld

For me --enable didn't work.
$ firewall-cmd --enable --port=24800:tcp
Wrong action and mode combination
$ firewall-cmd --enable --port=24800/tcp
Wrong action and mode combination

But add did
$ sudo firewall-cmd --add --port=24800/tcp
  #5  
Old 19th May 2012, 10:39 PM
Raphos Offline
Registered User
 
Join Date: Jan 2010
Location: Elsass
Posts: 17
Re: How to open a port in firewalld

Hi,
Quote:
Originally Posted by raviprak View Post
For me --enable didn't work.
$ firewall-cmd --enable --port=24800:tcp
Wrong action and mode combination
$ firewall-cmd --enable --port=24800/tcp
Wrong action and mode combination

But add did
$ sudo firewall-cmd --add --port=24800/tcp
Same results with $ firewall-cmd --enable --port=24800:tcp and $ firewall-cmd --enable --port=24800/tcp.

firewall-cmd --add --port=24800/tcp is working and the port is open but this doesn't persist after reboot either.

-- EDIT --

firewall-cmd --zone=public --add --port=5911/tcp doesn't persist after reboot either.

I did this but I don't know if it's clean: I edited the /usr/lib/firewalld/zones/public.xml file and changed it like this
Quote:
<?xml version="1.0" encoding="utf-8"?>
<zone name="public">
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="dhcpv6-client"/>
<port port="port nb" protocol="tcp"/>
<port port="port nb" protocol="udp"/>

</zone>
The port is still open after reboot.

So, if someone has a much cleaner way to do it, that would be nice.
__________________
Music is the Best : The La Radio

Last edited by Raphos; 19th May 2012 at 11:10 PM.
  #6  
Old 21st May 2012, 10:06 PM
AdamW Offline
Fedora QA Community Monkey
 
Join Date: Dec 2008
Location: Vancouver, BC
Posts: 4,176
Re: How to open a port in firewalld

it's never clean to edit any file in /usr, as a general rule. I'm afraid I don't know the 'right' way to do it, sorry :/ but any kind of user editable config file will be in /etc, not /usr.
__________________
Adam Williamson | awilliam AT redhat DOT com
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net
  #7  
Old 21st May 2012, 10:51 PM
dd_wizard Offline
Registered User
 
Join Date: Sep 2009
Posts: 1,409
Re: How to open a port in firewalld

I'd say you want to copy the appropriate file in /usr/lib/firewalld/zones to /etc/firewalld/zones and edit the copy:
Code:
# ll /etc/firewalld/zones
total 0

# ll /usr/lib/firewalld/zones
total 36
-rw-r-----. 1 root root 269 Apr 20 12:33 block.xml
-rw-r-----. 1 root root 304 Apr 20 12:33 dmz.xml
-rw-r-----. 1 root root 238 Apr 20 12:33 drop.xml
-rw-r-----. 1 root root 335 Apr 20 12:33 external.xml
-rw-r-----. 1 root root 412 Apr 20 12:33 home.xml
-rw-r-----. 1 root root 431 Apr 20 12:33 internal.xml
-rw-r-----. 1 root root 329 Apr 20 12:33 public.xml
-rw-r-----. 1 root root 194 Apr 20 12:33 trusted.xml
-rw-r-----. 1 root root 354 Apr 20 12:33 work.xml
dd_wizard
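
The approach suggested in the post above (copy the zone file from /usr/lib/firewalld/zones to /etc/firewalld/zones and edit the copy), as an added shell example that is not part of the original thread. The function name add_port_to_zone, its argument order and the constructed demo zone file are assumptions made for this example; the two directory paths are the ones named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): persist a port by overriding a zone
# file in /etc instead of editing the packaged copy under /usr/lib.
# add_port_to_zone and its argument order are names invented for this example.
add_port_to_zone() {
    zone=$1 port=$2 proto=$3
    src_dir=${4:-/usr/lib/firewalld/zones}   # packaged defaults (from the thread)
    dst_dir=${5:-/etc/firewalld/zones}       # administrator overrides
    src="$src_dir/$zone.xml" dst="$dst_dir/$zone.xml"

    # Validate everything that ends up in a path or in the XML.
    case $zone in ''|*[!A-Za-z0-9_-]*) echo "bad zone" >&2; return 2 ;; esac
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 2; }
    case $proto in tcp|udp) ;; *) echo "bad protocol" >&2; return 2 ;; esac

    # Create the override once; cp -p keeps the restrictive mode of the original.
    if [ ! -f "$dst" ]; then
        [ -f "$src" ] || { echo "no such zone: $zone" >&2; return 1; }
        mkdir -p "$dst_dir" && cp -p "$src" "$dst" || return 1
    fi

    entry="<port port=\"$port\" protocol=\"$proto\"/>"
    grep -qF "$entry" "$dst" && return 0     # already open: nothing to do

    # Insert the element before </zone>, writing to a temp file first so a
    # failure never leaves a half-written zone file behind.
    tmp="$dst.tmp.$$"
    cp -p "$dst" "$tmp" || return 1
    awk -v e="  $entry" '/<\/zone>/ && !d { print e; d = 1 } { print }' \
        "$dst" > "$tmp" && grep -qF "$entry" "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$dst"
}

# Demo on a constructed zone file in a scratch directory (no root needed).
demo() {
    d=$(mktemp -d) && mkdir -p "$d/usr"
    printf '%s\n' '<?xml version="1.0" encoding="utf-8"?>' '<zone name="public">' \
        '<short>Public</short>' '<service name="ssh"/>' '</zone>' > "$d/usr/public.xml"
    add_port_to_zone public 5911 tcp "$d/usr" "$d/etc" && cat "$d/etc/public.xml"
    rm -rf "$d"
}
demo
# On a real host: add_port_to_zone public 5911 tcp, then restart firewalld.service.
```

Because the packaged file under /usr/lib is left untouched, a package update cannot silently drop the opened port, and deleting the override in /etc restores the distribution default.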
  #8  
Old 22nd May 2012, 06:29 AM
AdamW Offline
Fedora QA Community Monkey
 
Join Date: Dec 2008
Location: Vancouver, BC
Posts: 4,176
Re: How to open a port in firewalld

that sounds pretty likely; it's a common design these days.
__________________
Adam Williamson | awilliam AT redhat DOT com
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net
  #9  
Old 22nd May 2012, 08:57 AM
errorxp Offline
Registered User
 
Join Date: Jul 2007
Posts: 371
Re: How to open a port in firewalld

Or, instead of bashing your head against the wall you could uninstall firewalld and install iptables and system-config-firewall (gui tool). That's what I did anyway. Won't be touching firewalld until the gui tool is done.
__________________
these command lines are like casino slot machines, every time I input commands NOTHING HAPPENS
  #10  
Old 22nd May 2012, 07:09 PM
dd_wizard Offline
Registered User
 
Join Date: Sep 2009
Posts: 1,409
Re: How to open a port in firewalld

Quote:
Originally Posted by AdamW View Post
that sounds pretty likely; it's a common design these days.
Just out of curiosity, is that level of firewalld administration documented anywhere?

dd_wizard
  #11  
Old 22nd May 2012, 08:03 PM
AdamW Offline
Fedora QA Community Monkey
 
Join Date: Dec 2008
Location: Vancouver, BC
Posts: 4,176
Re: How to open a port in firewalld

I have no idea. I voted for comment #9. =)
__________________
Adam Williamson | awilliam AT redhat DOT com
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net
  #12  
Old 22nd May 2012, 08:17 PM
DBelton Offline
Administrator
 
Join Date: Aug 2009
Posts: 7,318
Re: How to open a port in firewalld

While I agree that iptables is getting a bit long in the tooth and needs a complete overhaul, I won't be putting firewalld on my main box here for quite awhile yet.

I have been testing it out on my other boxes, but until I am certain that it is secure and works properly, it won't go on my main box.

Sorry, but to me, security trumps ease of use in a package like a firewall.

But I do like where firewalld is heading. It looks like it will be a pretty good package once finished (unless they let the gnome developers around it)
  #13  
Old 22nd May 2012, 08:18 PM
dd_wizard Offline
Registered User
 
Join Date: Sep 2009
Posts: 1,409
Re: How to open a port in firewalld

@AdamW:

dd_wizard
Tags
firewalld, open, port
