Re: [PATCH v2 4/7] configure: selectively install a firewalld 'libvirt' zone


On 2/1/19 8:28 AM, Eric Garver wrote:
On Thu, Jan 31, 2019 at 10:10:43PM -0500, Laine Stump wrote:
On 1/31/19 8:24 PM, Laine Stump wrote:
Changes from V1:
[...]
* make the <reject/> rule's priority 32767 instead of 127.
[...]
+
+<rule priority='32767'>
+  <reject/>
+</rule>
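
Review bot: the priority='32767' on the <rule> line only takes effect on a firewalld build that accepts that value. The thread notes the limit was once 127, and if a build rejects the value the catch-all <reject/> appears to be dropped, so the zone fails open. Either keep a priority that every supported build accepts, or have configure install the zone only when the firewalld build is known to accept 32767, and state that requirement in the commit message.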

I found out after sending this that when I make the priority of the reject
rule 32767 instead of 127, it's apparently ignored (in my example, I was
able to ssh to port 222 of the host even though the zone doesn't allow
that).


Eric, any idea why this might be happening?

What build are you testing against? At one point the limit was 127, but
I increased it before pushing it upstream. You can check the firewalld
logs - there may be an error reporting the above priority is out of
range.

Ah, maybe you haven't backported that change to RHEL? I was testing on my RHEL8 beta system. If that's the case, then either we need that change backported to RHEL too, or I need to change the priority back to 127.

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
