From Fedora Project Wiki

(Created page with "= Description = This is the test case to check if firewall zones are usable. = How to test = 1. Get settings of 'work' zone firewall-cmd --list=all --zone=work 2. Enable ...")
 
Line 2: Line 2:
  
 
This is the test case to check if firewall zones are usable.  
 
This is the test case to check if firewall zones are usable.  
 +
 +
Settings in the zone dowe with firewall-cmd or with the D-BUS interface are only valid till reboot or firewalld service restart.
  
 
= How to test =
 
= How to test =
Line 22: Line 24:
 
   -A IN_ZONE_work_allow -p udp -m udp --dport 138 -j ACCEPT
 
   -A IN_ZONE_work_allow -p udp -m udp --dport 138 -j ACCEPT
  
3. Disbable service 'samba-client' in zone 'work'
+
3. Disable service 'samba-client' in zone 'work'
  
 
   firewall-cmd --remove --zone=work --service=samba-client
 
   firewall-cmd --remove --zone=work --service=samba-client
  
4. Get a list of all suported services:
+
4. Get a list of all supported services:
  
 
   firewall-cmd --list=services
 
   firewall-cmd --list=services

Revision as of 10:49, 16 March 2012

Description

This is the test case to check if firewall zones are usable.

Settings in the zone dowe with firewall-cmd or with the D-BUS interface are only valid till reboot or firewalld service restart.

How to test

1. Get settings of 'work' zone

 firewall-cmd --list=all --zone=work

2. Enable service 'samba-client' in zone 'work'

 firewall-cmd --add --zone=work --service=samba-client

To check if it has been enabled:

 iptables-save | grep work

These two lines should be in the output:

 -A IN_ZONE_work_allow -p udp -m udp --dport 137 -j ACCEPT
 -A IN_ZONE_work_allow -p udp -m udp --dport 138 -j ACCEPT

3. Disable service 'samba-client' in zone 'work'

 firewall-cmd --remove --zone=work --service=samba-client

4. Get a list of all supported services:

 firewall-cmd --list=services

The result should be:

 cluster-suite pop3s bacula-client smtp ipp radius bacula ftp mdns samba 
 dhcpv6-client dns openvpn imaps samba-client http https telnet libvirt ssh 
 ipsecipp-client amanda-client tftp-client dhcpv6 nfs tftp libvirt-tls