Bug 1411639

Summary: manually adding ports vs. standard firewalld services
Product: Red Hat Enterprise Linux 7
Reporter: mpanaous
Component: doc-Linux_Domain_Identity_Management_Guide
Assignee: Aneta Šteflová Petrová <apetrova>
Status: CLOSED CURRENTRELEASE
QA Contact: Namita Soman <nsoman>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 7.3
CC: mpanaous, rhel-docs, tscherf
Target Milestone: rc
Keywords: Documentation
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-03-14 09:36:09 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description mpanaous 2017-01-10 08:20:08 UTC
Description of problem:
In section 2.1.4. Port Requirements of https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html, I expect to see that standard firewalld services are used instead of directly adding ports to the firewall.

Version-Release number of selected component (if applicable):


How reproducible:
-

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:
The exact same as opening the ports in the way already described.

Additional info:

** cst is proposing this 

firewall-cmd --add-service=freeipa-ldap --permanent
firewall-cmd --add-service=freeipa-ldaps --permanent
firewall-cmd --add-service=dns --permanent
firewall-cmd --reload


** as seen in the doc:

"Table 2.1. Identity Management Ports"

Service 	Ports 	        Protocol
HTTP/HTTPS 	80, 443 	TCP
LDAP/LDAPS 	389, 636 	TCP
Kerberos 	88, 464 	TCP and UDP
DNS 	        53 	        TCP and UDP
NTP 	        123 	        UDP

[root@server ~]# firewall-cmd --permanent --add-port={80/tcp,443/tcp,389/tcp,636/tcp,88/tcp,464/tcp,53/tcp,88/udp,464/udp,53/udp,123/udp}


** as seen in my VM

[root@ipa1 ~]# cat /usr/lib/firewalld/services/freeipa-ldap.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>FreeIPA with LDAP</short>
  <description>FreeIPA is an LDAP and Kerberos domain controller for Linux systems. Enable this option if you plan to provide a FreeIPA Domain Controller using the LDAP protocol. You can also enable the 'freeipa-ldaps' service if you want to provide the LDAPS protocol. Enable the 'dns' service if this FreeIPA server provides DNS services and 'freeipa-replication' service if this FreeIPA server is part of a multi-master replication setup.</description>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="443"/>
  <port protocol="tcp" port="88"/>
  <port protocol="udp" port="88"/>
  <port protocol="tcp" port="464"/>
  <port protocol="udp" port="464"/>
  <port protocol="udp" port="123"/>
  <port protocol="tcp" port="389"/>
</service>

[root@ipa1 ~]# cat /usr/lib/firewalld/services/freeipa-ldaps.xml 
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>FreeIPA with LDAPS</short>
  <description>FreeIPA is an LDAP and Kerberos domain controller for Linux systems. Enable this option if you plan to provide a FreeIPA Domain Controller using the LDAPS protocol. You can also enable the 'freeipa-ldap' service if you want to provide the LDAP protocol. Enable the 'dns' service if this FreeIPA server provides DNS services and 'freeipa-replication' service if this FreeIPA server is part of a multi-master replication setup.</description>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="443"/>
  <port protocol="tcp" port="88"/>
  <port protocol="udp" port="88"/>
  <port protocol="tcp" port="464"/>
  <port protocol="udp" port="464"/>
  <port protocol="udp" port="123"/>
  <port protocol="tcp" port="636"/>
</service>

[root@ipa1 ~]# cat /usr/lib/firewalld/services/dns.xml 
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>DNS</short>
  <description>The Domain Name System (DNS) is used to provide and request host and domain names. Enable this option, if you plan to provide a domain name service (e.g. with bind).</description>
  <port protocol="tcp" port="53"/>
  <port protocol="udp" port="53"/>
</service>

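A quick offline cross-check of the equivalence the reporter expects, as an added example (not from the bug report or the IPA guide): it parses the three firewalld service definitions printed above, unions their ports and diffs the result against the documented `--add-port` list from Table 2.1. The service XML is reproduced from the report with the `<description>` text dropped; nothing else is assumed.

```python
"""Compare firewalld service definitions against a documented --add-port list.
Added example, not part of the bug report or the guide."""
import xml.etree.ElementTree as ET

# Constructed from the XML printed in the report (<port> elements unchanged).
SERVICE_XML = {
    "freeipa-ldap": """<service><short>FreeIPA with LDAP</short>
<port protocol="tcp" port="80"/><port protocol="tcp" port="443"/>
<port protocol="tcp" port="88"/><port protocol="udp" port="88"/>
<port protocol="tcp" port="464"/><port protocol="udp" port="464"/>
<port protocol="udp" port="123"/><port protocol="tcp" port="389"/></service>""",
    "freeipa-ldaps": """<service><short>FreeIPA with LDAPS</short>
<port protocol="tcp" port="80"/><port protocol="tcp" port="443"/>
<port protocol="tcp" port="88"/><port protocol="udp" port="88"/>
<port protocol="tcp" port="464"/><port protocol="udp" port="464"/>
<port protocol="udp" port="123"/><port protocol="tcp" port="636"/></service>""",
    "dns": """<service><short>DNS</short>
<port protocol="tcp" port="53"/><port protocol="udp" port="53"/></service>""",
}

# The --add-port argument derived from Table 2.1, as quoted in the report.
DOCUMENTED_ADD_PORT = ("{80/tcp,443/tcp,389/tcp,636/tcp,88/tcp,464/tcp,53/tcp,"
                       "88/udp,464/udp,53/udp,123/udp}")


def service_ports(xml_text):
    """Return the {(port, protocol)} set that a firewalld service XML opens."""
    root = ET.fromstring(xml_text)
    return {(int(p.get("port")), p.get("protocol")) for p in root.iter("port")}


def add_port_set(arg):
    """Parse a brace-expanded --add-port list such as {80/tcp,53/udp}."""
    items = arg.strip("{}").split(",")
    return {(int(n), proto) for n, proto in (i.split("/") for i in items)}


def compare(service_names):
    """Union the named services and diff them against the documented ports.
    Returns (missing, extra): ports the services lack / open beyond the doc."""
    opened = set().union(*(service_ports(SERVICE_XML[n]) for n in service_names))
    documented = add_port_set(DOCUMENTED_ADD_PORT)
    return sorted(documented - opened), sorted(opened - documented)


if __name__ == "__main__":
    print(compare(["freeipa-ldap", "freeipa-ldaps", "dns"]))  # ([], [])
    # Forgetting the dns service leaves 53/tcp and 53/udp closed.
    print(compare(["freeipa-ldap", "freeipa-ldaps"]))
```

On a live host the same comparison can be made against `firewall-cmd --list-ports` and `firewall-cmd --list-services`, which is the check worth running after either variant of the documented procedure.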
Comment 6 Aneta Šteflová Petrová 2017-03-14 09:36:09 UTC
The update is now available on the Customer Portal.