perfsonar-user - Re: [perfsonar-user] perfSONAR 4.0 RC2 Firewall defaults

Subject: perfSONAR User Q&A and Other Discussion

  • From: Michael Petry <>
  • To: Szymon Trocha <>
  • Cc: perfsonar-user <>
  • Subject: Re: [perfsonar-user] perfSONAR 4.0 RC2 Firewall defaults
  • Date: Thu, 17 Nov 2016 13:34:06 -0500

Szymon,
Thanks for the followup.

Firewall-cmd does give the expected results.  The issue is that I had to first start firewalld and also run
"/usr/lib/perfsonar/script/configure_firewall install" by hand.  The docs leave a reader with the impression that it
is all enabled and configured by default.  Also the docs (listed as part of the 4.0RC2 candidate) are very
iptables-centric while the script actions are centered around firewall-cmd.

The Fail2ban setup has a similar conflict on docs vs. action.

I wanted to report it as an issue so it doesn’t get lost before final release.

Migrating to CentOS 7 brings lots of changes that may trip some people up. I welcome the changes, especially the improved network stack performance.

Thanks again,
Mike


firewall-cmd  --list-all
public (default, active)
  interfaces: p1p1
  sources: 
  services: bwctl dhcpv6-client http https ndt npad ntp oppd owamp ssh traceroute
  ports: 6001-6200/tcp 5601-5900/tcp 8760-9960/udp 5601-5900/udp 6001-6200/udp 5301-5600/udp 5001-5300/tcp 8760-9960/tcp 5001-5300/udp 5301-5600/tcp
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules: 



On Nov 17, 2016, at 2:59 AM, Szymon Trocha <> wrote:

On 17.11.2016 at 08:57, Szymon Trocha wrote:
On 16.11.2016 at 17:11, Michael Petry wrote:
Reading the docs at:
http://docs.perfsonar.net/release_candidates/4.0rc2/manage_security.html

left me with the impression that iptables/firewalld was enabled with the specified default rules.
That doesn't seem to be the case when installing/booting from the ISO image 4.0 RC2 Nov 1

Is that the intent or did I misread the docs/release notes?

Thanks,
Mike


Hi Mike,

What do you get when you issue:

firewall-cmd --get-active-zones ?


Sorry, it should have been: firewall-cmd --list-all


-- 
Szymon Trocha

Poznań Supercomputing & Networking Center
Tel. +48 618582022 ::: http://noc.pcss.pl
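
Added example, not part of the original thread and not perfSONAR code: shell functions that audit `firewall-cmd --list-all` output against a baseline, so a host where firewalld was never started or configured is caught after install. The function names and the baseline service list passed in are assumptions; the sample listing is the one posted in the thread above.

```shell
#!/bin/sh
# Added example (not perfSONAR code): audit `firewall-cmd --list-all` output.
# SAMPLE is the listing posted in the message above, embedded so this runs offline.
SAMPLE='public (default, active)
  interfaces: p1p1
  sources: 
  services: bwctl dhcpv6-client http https ndt npad ntp oppd owamp ssh traceroute
  ports: 6001-6200/tcp 5601-5900/tcp 8760-9960/udp 5601-5900/udp 6001-6200/udp 5301-5600/udp 5001-5300/tcp 8760-9960/tcp 5001-5300/udp 5301-5600/tcp
  masquerade: no'

# missing_services LISTING SERVICE...
# Prints each wanted service absent from the "services:" line; returns 1 if any.
# The wanted list is the caller's baseline (an assumption, not a documented default).
missing_services() {
    listing=$1; shift
    have=$(printf '%s\n' "$listing" | awk '$1 == "services:" { $1 = ""; print }')
    rc=0
    for svc in "$@"; do
        case " $have " in
            *" $svc "*) ;;
            *) printf '%s\n' "$svc"; rc=1 ;;
        esac
    done
    return "$rc"
}

# port_allowed LISTING PORT PROTO
# Returns 0 if PORT/PROTO falls inside an entry (single port or range) on "ports:".
port_allowed() {
    printf '%s\n' "$1" | awk -v port="$2" -v proto="$3" '
        $1 == "ports:" {
            for (i = 2; i <= NF; i++) {
                split($i, pp, "/"); n = split(pp[1], r, "-")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (pp[2] == proto && port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# An empty listing (firewalld stopped, as in the report above) fails both checks.
# Live use: missing_services "$(firewall-cmd --list-all)" owamp bwctl ssh
if missing_services "$SAMPLE" owamp bwctl ssh >/dev/null; then
    echo "baseline services present"
fi
```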
