From Fedora Project Wiki

 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 
= Description =
 
= Description =
  
This is the test case to check if runtime changes of firewall zones are usable.  
+
This is the test case to check if '''runtime''' changes of firewall zones are usable.  
  
Settings in the zone done with firewall-cmd (without --permanent switch) are only valid till reboot or firewalld service restart.
+
Settings in the zone done with ''firewall-cmd'' (without ''--permanent'' switch) are only valid till reboot or firewalld service restart.
  
 
= How to test =
 
= How to test =
  
Get settings of 'work' zone
+
Get settings of ''work'' zone
  
 
   firewall-cmd --zone=work --list-all
 
   firewall-cmd --zone=work --list-all
  
Enable service 'samba-client' in zone 'work'
+
Enable service ''samba-client'' in zone ''work''
  
 
   firewall-cmd --zone=work --add-service=samba-client
 
   firewall-cmd --zone=work --add-service=samba-client
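Review bot: In the Description and the first "How to test" lines, the literal command and option (''firewall-cmd'', ''--permanent'') get the same italic markup as the zone and service names (''work'', ''samba-client''). A tester cannot tell what is typed verbatim from what is just a name. Suggest code markup such as <code>--permanent</code> for the command and switch, and keeping italics for the zone and service names only.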
Line 28: Line 28:
 
   firewall-cmd --zone=work --list-services
 
   firewall-cmd --zone=work --list-services
  
should contain samba-client.
+
should contain ''samba-client''.
  
 
Now undo the previous change.
 
Now undo the previous change.
Line 43: Line 43:
 
   firewall-cmd --zone=work --list-all
 
   firewall-cmd --zone=work --list-all
  
should now show the same output as for the first time, i.e. no samba-client.
+
should now show the same output as for the first time, i.e. no ''samba-client''.
 +
 
 +
For more examples see also [http://fedoraproject.org/wiki/FirewallD#Runtime_zone_handling http://fedoraproject.org/wiki/FirewallD]
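Review bot: The link added at the end of this hunk uses external-link syntax with a plain http:// URL for a page on this same wiki, and its label drops the #Runtime_zone_handling anchor that the target carries. Suggest an internal link, [[FirewallD#Runtime_zone_handling]], so it follows the wiki's own scheme and the reader can see which section it points to.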

Latest revision as of 17:18, 11 December 2012

Description

This is the test case to check if runtime changes of firewall zones are usable.

Settings made in a zone with firewall-cmd (without the --permanent switch) are only valid until reboot or a restart of the firewalld service.

How to test

Get the settings of the work zone:

 firewall-cmd --zone=work --list-all

Enable the service samba-client in the zone work:

 firewall-cmd --zone=work --add-service=samba-client

To check (as root) if it has been enabled:

 iptables-save | grep work

These two lines should be in the output:

 -A IN_ZONE_work_allow -p udp -m udp --dport 137 -j ACCEPT
 -A IN_ZONE_work_allow -p udp -m udp --dport 138 -j ACCEPT

And

 firewall-cmd --zone=work --list-services

should contain samba-client.

Now undo the previous change. You can either manually remove the service

 firewall-cmd --zone=work --remove-service=samba-client

or just restart firewalld,

 service firewalld restart

because the change we made was not permanent.

 firewall-cmd --zone=work --list-all

should now show the same output as for the first time, i.e. no samba-client.
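The steps above as one scripted check, added here as an example and not part of the original test case. The function names and the SKIP/PASS/FAIL messages are assumptions, and it additionally skips when samba-client is already enabled so that an existing setting is not removed by the undo step:

```shell
#!/bin/bash
# Added example, not part of the wiki test case. Call run_testcase as root.
ZONE=work
SERVICE=samba-client

# Succeeds if service $1 appears as a whole word in $2 (--list-services output).
has_service() {
    local word
    for word in $2; do
        [ "$word" = "$1" ] && return 0
    done
    return 1
}

# Succeeds if the iptables-save dump on stdin has both ACCEPT rules for zone $1.
has_samba_rules() {
    local dump port
    dump=$(cat)
    for port in 137 138; do
        printf '%s\n' "$dump" |
            grep -qF -- "-A IN_ZONE_${1}_allow -p udp -m udp --dport $port -j ACCEPT" || return 1
    done
}

# Live run of the steps above: snapshot, add, verify, remove, compare.
run_testcase() {
    local before after rc=0
    before=$(firewall-cmd --zone="$ZONE" --list-all) || return 2
    if has_service "$SERVICE" "$(firewall-cmd --zone="$ZONE" --list-services)"; then
        echo "SKIP: $SERVICE already enabled in $ZONE"; return 3
    fi
    firewall-cmd --zone="$ZONE" --add-service="$SERVICE" || return 2
    has_service "$SERVICE" "$(firewall-cmd --zone="$ZONE" --list-services)" ||
        { echo "FAIL: $SERVICE not listed"; rc=1; }
    iptables-save | has_samba_rules "$ZONE" ||
        { echo "FAIL: expected iptables rules missing"; rc=1; }
    firewall-cmd --zone="$ZONE" --remove-service="$SERVICE" || return 2
    after=$(firewall-cmd --zone="$ZONE" --list-all)
    [ "$before" = "$after" ] || { echo "FAIL: zone not restored"; rc=1; }
    [ "$rc" -eq 0 ] && echo "PASS"
    return "$rc"
}
```

The service is removed again even when a check fails, so a failed run does not leave the runtime zone changed.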

For more examples see also http://fedoraproject.org/wiki/FirewallD