QA:Testcase use firewalld zones

From FedoraProject

Latest revision as of 17:18, 11 December 2012

Description

This is the test case to check if runtime changes of firewall zones are usable.

Zone settings made with firewall-cmd without the --permanent switch are runtime-only: they are valid only until a reboot or a restart of the firewalld service.

How to test

Get the settings of the work zone:

 firewall-cmd --zone=work --list-all

Enable the samba-client service in the work zone:

 firewall-cmd --zone=work --add-service=samba-client

To check (as root) if it has been enabled:

 iptables-save | grep work

These two lines should be in the output:

 -A IN_ZONE_work_allow -p udp -m udp --dport 137 -j ACCEPT
 -A IN_ZONE_work_allow -p udp -m udp --dport 138 -j ACCEPT

And

 firewall-cmd --zone=work --list-services

should contain samba-client.

Now undo the previous change. You can either manually remove the service

 firewall-cmd --zone=work --remove-service=samba-client

or just restart firewalld,

 service firewalld restart

because the change we made was not permanent.

 firewall-cmd --zone=work --list-all

should now show the same output as for the first time, i.e. no samba-client.
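
The steps above can be scripted as follows. This is an added example, not part of the Fedora test case; the function names, the FWCMD and IPTSAVE override variables, and the return codes are assumptions made here, and the rule text matched is the one shown above.

```shell
#!/bin/sh
# Commands under test; overridable so the checks can be exercised with stubs (assumption).
FWCMD=${FWCMD:-firewall-cmd}
IPTSAVE=${IPTSAVE:-iptables-save}

# Reads iptables-save output on stdin; succeeds only if both samba-client
# rules (udp 137 and 138) are present in the allow chain of zone $1.
has_samba_client_rules() {
    z=$1
    rules=$(cat)
    for port in 137 138; do
        printf '%s\n' "$rules" | grep -qF -- \
            "-A IN_ZONE_${z}_allow -p udp -m udp --dport ${port} -j ACCEPT" || return 1
    done
}

# Succeeds if service $2 appears as a whole word in --list-services of zone $1.
zone_has_service() {
    for s in $($FWCMD --zone="$1" --list-services); do
        [ "$s" = "$2" ] && return 0
    done
    return 1
}

# Runs the test case. Returns 0 pass, 1 fail, 2 command error,
# 3 if samba-client is already enabled (the test would prove nothing).
run_zone_test() {
    zone=${1:-work}
    before=$($FWCMD --zone="$zone" --list-all) || return 2
    zone_has_service "$zone" samba-client && {
        echo "SKIP: samba-client already enabled in $zone" >&2; return 3; }
    $FWCMD --zone="$zone" --add-service=samba-client >/dev/null || return 2
    rc=0
    $IPTSAVE | has_samba_client_rules "$zone" || {
        echo "FAIL: expected rules missing from iptables-save" >&2; rc=1; }
    zone_has_service "$zone" samba-client || {
        echo "FAIL: samba-client not in --list-services" >&2; rc=1; }
    # Always undo the runtime change, even when a check above failed.
    $FWCMD --zone="$zone" --remove-service=samba-client >/dev/null || return 2
    after=$($FWCMD --zone="$zone" --list-all) || return 2
    [ "$before" = "$after" ] || {
        echo "FAIL: zone did not return to its initial state" >&2; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "PASS"; fi
    return "$rc"
}
```

Source the file as root and call `run_zone_test work`; it uses the manual removal path rather than a firewalld restart.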

For more examples see also http://fedoraproject.org/wiki/FirewallD