Re: defining firewalld services

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03.07.2014 15:39, Rex Dieter wrote:
> I'm looking into providing a predefined firewalld service definition for 
> kde-connect, per
> https://bugzilla.redhat.com/show_bug.cgi?id=1115547
> 
> Looks like it's as easy as dropping an xml snippet into 
> /usr/lib/firewalld/services/
> 
> I'm also noticing currently that the only package besides fallwalld itself 
> doing this is cockpit, which includes a %post scriptlet:
> 
> # firewalld only partially picks up changes to its services files 
> # without this
> test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true
> 
> 
> Is this the recommended approach?  If so, I'll follow this lead, and maybe 
> start work on drafting some packaging guidelines.

Thomas Woerner would be the one to work out those guidelines.

But to explain ... apparently there are two firewalld "environments".
When you install a service file it only affects the installed
environment (used after a reboot) and not the current "runtime environment".

This means that a user can't immediately use your service definition in
a command like:

$ firewall-cmd --add-service=cockpit

The command:

$ firewall-cmd --reload

... makes newly installed service files available in the runtime
environment. I guess this is sorta analogous to 'systemctl daemon-reload'.

Stef

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux