- Story
- Resolution: Won't Do
- Normal
- rhel-8.1.0
- Medium
- rhel-net-core
- ssg_networking
- x86_64
Description of problem:
There is no option to add a description for a port added via the "firewall-cmd" command.
Tried to add the description by manually editing the files, but it gets overwritten when we add the next rule via the "firewall-cmd" command.
This specific request is for adding multiple ports with a proper description for each of them, which was possible in iptables.
Version-Release number of selected component (if applicable):
- cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.4 (Maipo)
Booted Kernel: 3.10.0-693.11.6.el7.x86_64
- rpm -qa firewalld
firewalld-0.4.4.4-6.el7.noarch
How reproducible:
There are no options available to set the "description" together with the command to add port.
Steps to Reproduce:
1. Add the port with "--set-description" option:
==========================================================
- firewall-cmd --permanent --set-description="needed for OSI application" --add-port=3348/tcp
success
- cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<service name="ssh"/>
<service name="dhcpv6-client"/>
<port protocol="tcp" port="3348"/> <<-----
</zone>
==========================================================
Port got added to the "public.xml" file but there are no descriptions.
2. Tried to add the description manually to the configuration file:
======================================================
- cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="dhcpv6-client"/>
<port protocol="tcp" port="3523"/> # needed for OSI application <<<---------
</zone>
- firewall-cmd --permanent --add-port=3344/tcp
success
- cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="dhcpv6-client"/>
<port protocol="tcp" port="3523"/>
<port protocol="tcp" port="3344"/>
</zone>
======================================================
Actual results:
There is no description being set for any of the ports with "--set-description" option.
Expected results:
There should be some option to set a description for each port as per the user requirement.
Additional info:
We do have the option to set the description for a particular service, zone, helper, ipset, or icmptype, which is added to the corresponding ".xml" file.
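
Since descriptions are supported on services but not on bare ports, one way to keep a per-port description is to wrap each port in its own custom service. The following is an added example, not part of the original report or of firewalld; the helper name `add_described_port` and the service name `osi-app` are hypothetical.

```shell
# Added example: hypothetical helper, not shipped with firewalld.
# Usage: add_described_port NAME PORT/PROTO "DESCRIPTION" [ZONE]
# Wraps a port in a custom permanent service so the description is
# stored in the service definition and survives later firewall-cmd edits.
add_described_port() {
    adp_svc=$1 adp_port=$2 adp_desc=$3 adp_zone=${4:-public}

    # Reject empty or unusual service names before touching the config.
    case $adp_svc in
        ''|*[!A-Za-z0-9_-]*) echo "invalid service name: $adp_svc" >&2; return 2 ;;
    esac

    # Require PORT/PROTO, e.g. 3348/tcp or 3000-3010/udp.
    adp_proto=${adp_port##*/}
    adp_num=${adp_port%/*}
    case $adp_proto in
        tcp|udp|sctp|dccp) ;;
        *) echo "invalid protocol in: $adp_port" >&2; return 2 ;;
    esac
    case $adp_num in
        ''|*[!0-9-]*) echo "invalid port in: $adp_port" >&2; return 2 ;;
    esac

    # A description is worthless if empty; insist on one.
    [ -n "$adp_desc" ] || { echo "description required" >&2; return 2; }

    # Create the service only if it is not already defined.
    if ! firewall-cmd --permanent --get-services | tr ' ' '\n' \
            | grep -qx -- "$adp_svc"; then
        firewall-cmd --permanent --new-service="$adp_svc" || return 1
    fi

    # Attach the description and the port to the service, then
    # allow the service (not the bare port) in the zone.
    firewall-cmd --permanent --service="$adp_svc" \
        --set-description="$adp_desc" || return 1
    firewall-cmd --permanent --service="$adp_svc" \
        --add-port="$adp_port" || return 1
    firewall-cmd --permanent --zone="$adp_zone" \
        --add-service="$adp_svc" || return 1
}

# Example call (values taken from the report above):
#   add_described_port osi-app 3348/tcp "needed for OSI application"
```

The description is written to `/etc/firewalld/services/osi-app.xml`, and the zone file then lists `<service name="osi-app"/>` instead of an anonymous port. Run `firewall-cmd --reload` afterwards to apply the permanent configuration to the running firewall.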