perfSONAR User Q&A and Other Discussion

[Hyojoon Kim <>]

I’ll send you that separately. 

Thanks,

Joon 

On Apr 12, 2017, at 9:55 AM, Andrew Lake <> wrote:

Hi,

Thanks for the report and we will take a look. It should be running even when you do an RPM install. May be too late now, but do you happen to have the yum output handy when you ran the yum install?

Thanks,

Andy

On April 11, 2017 at 3:16:48 PM, Hyojoon Kim () wrote:

Hi all, 

I just wanted to share that this still seems to be the case: that I have to run "/usr/lib/perfsonar/script/configure_firewall install” manually to get the firewall rules correctly installed in the perfSONAR host, with perfSONAR 4.0 RC3 on CentOS 7. Reboot does not seem to run the script. 

Probably this is not the case when you get an pre-made perfSONAR CentOS ISO. However, in my environment I had my own CentOS 7 and installed perfSONAR 4.0 RC3 via yum (perfsonar-toolkit bundle) separately (http://docs.perfsonar.net/release_candidates/4.0rc3/install_centos.html). In this case, I had to manually run that command. 

Thanks, 

Joon 

On Nov 17, 2016, at 1:34 PM, Michael Petry <> wrote:

Symon,

Thanks for the followup.

Firewall-cmd does give the expected results.  The issue is that I had to first start firewalld and also run

"/usr/lib/perfsonar/script/configure_firewall install” by hand.  The docs leave a reader with the impression that it

is all enabled and configured by default.  Also the docs (listed as part of the 4.0RC2 candidate) are very

iptable centric while the script actions are centered around firewall-cmd.

The Fail2ban setup has a similar conflict on docs vs. action.

I wanted to report it as an issue so it doesn’t get lost before final release.

Migrating to Centos7 brings lots of changes that may trip some people up. I welcome the changes, especially the improved network stack performance.

Thanks again,

Mike

firewall-cmd  --list-all

public (default, active)

  interfaces: p1p1

  sources: 

  services: bwctl dhcpv6-client http https ndt npad ntp oppd owamp ssh traceroute

  ports: 6001-6200/tcp 5601-5900/tcp 8760-9960/udp 5601-5900/udp 6001-6200/udp 5301-5600/udp 5001-5300/tcp 8760-9960/tcp 5001-5300/udp 5301-5600/tcp

  masquerade: no

  forward-ports: 

  icmp-blocks: 

  rich rules: 

On Nov 17, 2016, at 2:59 AM, Szymon Trocha <> wrote:

W dniu 17.11.2016 o 08:57, Szymon Trocha pisze:

W dniu 16.11.2016 o 17:11, Michael Petry pisze:

Reading the docs at:
http://docs.perfsonar.net/release_candidates/4.0rc2/manage_security.html

left me with the impression that iptables/firewalld was enabled with the specified default rules.
That doesn't seem to be the case when installing/booting from the ISO image 4.0 RC2 Nov 1

Is that the intent or did I misread the docs/release notes?

Thanks,
Mike

Hi Mike,

What do you get when you issue:

firewall-cmd --get-active-zones ?

Sorry, it should have been: firewall-cmd --list-all


-- 
Szymon Trocha

Poznań Supercomputing & Networking Center
Tel. +48 618582022 ::: http://noc.pcss.pl