[CentOS] firewalld services

Mike - st257 silvertip257 at gmail.com
Tue Dec 29 01:29:12 UTC 2015


On Mon, Dec 28, 2015 at 4:22 PM, Robert Moskowitz <rgm at htt-consult.com>
wrote:

> I am familiar with using commands like:
>
> firewall-cmd --permanent --add-service=http
>
> To enable firewalld services.  I am also aware that this is through xml
> 'scripts' in:
>
> /usr/lib/firewalld/services/
>
> But what I find interesting is what services are there and which are not.
> I went a'lookin with:
>
> grep "port=" /usr/lib/firewalld/services/*|more
>

firewall-cmd --get-services

Only the "most common" services, which will undoubtedly be up for
interpretation and opinions will differ.
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7

James has some good information here regarding precedence of service vs
port-based firewalld rules and creating your own custom service definitions.
https://www.hogarthuk.com/?q=node/9


>
> And found some like:
>
> http, https, imaps, smtp, and pop3s
>
> What I do not find are others that I would think are 'standard' like:
>
> pop3 (110) and imap (143)
>

(Given your findings which I've not confirmed...)
With the inclusion of pop3s, I'd expect imap, pop3, and imaps too.


>
> I can understand 587 not being included, but imap?
>
> I can always just add them with:
>
> firewall-cmd --permanent --add-port=587/tcp
>

I noticed the same for SNMP. No pre-configured "service profile" so I had
to use 161/udp ... but it was a small thing. ;-)


>
> But I want to use the standard files.  Perhaps because they are there.
> Have I missed how some are handled?
>

I don't think you have.
I was curious some weeks ago at the time, but had my solution with
port-based and moved on to other tasks.

-- 
---~~.~~---
Mike
//  SilverTip257  //
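
Added example, not part of the original message: a sketch of writing a custom service definition for a port the thread found missing (imap 143/tcp, snmp 161/udp) and listing the ports each definition opens. The function names and the directory argument are assumptions made here; on a real host custom definitions go in /etc/firewalld/services rather than /usr/lib/firewalld/services.

```shell
#!/bin/sh
# write_fw_service DIR NAME PORT PROTO  (hypothetical helper, added example)
# Writes DIR/NAME.xml in firewalld's service format after validating input.
write_fw_service() {
    dir=$1; name=$2; port=$3; proto=$4
    case $name in   # lowercase name only, so it cannot escape DIR
        ''|*[!a-z0-9-]*) echo "bad service name: $name" >&2; return 1 ;;
    esac
    case $port in   # digits only, at most five of them
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    case $proto in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    if [ -e "$dir/$name.xml" ]; then   # never clobber an existing definition
        echo "$dir/$name.xml already exists" >&2; return 1
    fi
    cat > "$dir/$name.xml" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>$name</short>
  <description>Custom service definition for $name ($port/$proto).</description>
  <port protocol="$proto" port="$port"/>
</service>
EOF
}

# list_service_ports DIR: print "service port/proto" for every <port> element,
# whichever order the two attributes appear in.
list_service_ports() {
    for f in "$1"/*.xml; do
        [ -f "$f" ] || continue
        svc=$(basename "$f" .xml)
        sed -n \
          -e 's/.*<port[^>]*protocol="\([a-z]*\)"[^>]*port="\([0-9-]*\)".*/\2\/\1/p' \
          -e 's/.*<port[^>]*port="\([0-9-]*\)"[^>]*protocol="\([a-z]*\)".*/\1\/\2/p' \
          "$f" | while read -r p; do echo "$svc $p"; done
    done
}

# On a real host (as root), after write_fw_service /etc/firewalld/services imap 143 tcp:
#   firewall-cmd --reload
#   firewall-cmd --permanent --add-service=imap
```

Running list_service_ports against /usr/lib/firewalld/services and /etc/firewalld/services shows which ports each named service actually opens before it is enabled.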
