| Summary: | CUPS does not print when firewalld is running | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | cblaauw <carstenblaauw> | ||||
| Component: | firewalld | Assignee: | Thomas Woerner <twoerner> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 17 | CC: | jpopelka, per.mathisen, twoerner | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2012-05-23 16:03:08 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
|
Description
cblaauw
2012-04-10 16:39:04 UTC
Can you attach an output from Printing troubleshooter when you try to print with firewalld running ? https://fedoraproject.org/wiki/Printing/Debugging#Printing_troubleshooter Created attachment 915438 [details]
Comment
(This comment was longer than 65,535 characters and has been moved to an attachment by Red Hat Bugzilla).
Does that change anything when you edit /etc/firewalld/firewalld.conf, change DefaultZone=public to DefaultZone=internal or to DefaultZone=trusted, and run 'systemctl restart firewalld.service' ? DefaultZone=internal works DefaultZone=trusted works, too Thanks, what about 'DefaultZone=work' ? DefaultZone=work also works I think it would be a nice thing, if it was possible to use a printer even in the default setup of the firewall, or to configure it automatically, when a printer is added. I changed my default zone to 'work', that works. How can I enable the port 25565 permanently? So, I tried it myself by looking at the files in /usr/lib/firewalld and /etc/firewalld. First I created a new file /etc/firewalld/services/minecraft.xml that defines tcp port 25565. Second I copied internal.xml to /etc/firewalld/zones/cb.xml, added the service 'minecraft' there and changed the default zone to 'cb'. So far that seems to work. Is there a way to do something like this with less manual work or is that just the way to do it? (In reply to comment #11) > Is there a way to do something like this with less manual work or is that > just the way to do it? Brilliant! That's indeed the way. There will finally be a documentation to this in the next firewalld release, but you don't need it anymore :) We don't have a GUI (firewall-config) yet so this is really the only way to do it at the moment. One last question, is there some kind of inheritance regarded the files in /etc/firewalld and /usr/lib/firewalld are is copying from /usr/lib/firewalld to /etc/firewalld always necessary? Thanks! No, there is no inheritance. The files in /usr/lib/firewalld are overloaded by the files in /etc/firewalld. Only immutable zones can not be overloaded. You should copy the files over to /etc/firewalld that you want to modify. Closing. The way how to permanently allow a service or add a port is described in man pages shipped with firewalld-0.2.5-1.fc17. https://admin.fedoraproject.org/updates/firewalld-0.2.5-1.fc17 The gnome printer config tricks the user into installing firewalld, which has no configuration program yet. Attempting to start the old firewall configuration program tells you to start firewall-config, which does not yet exist in F17. Attempting to print will show the print job forever stuck in the print queue because firewalld does not open the necessary port. As a user, you are supposed to understand somehow that the problem is with the firewall, and fix it by reading firewalld's man page and knowing somehow which port/service you need opened. User-friendliness at its absolutely worst. I suggest you fix this problem at its root by removing gnome printer config until it works with the rest of your software stack. |