Bug 975060
Summary: | [RFE] Firewalld does not ship with rules for rpcbind / legacy nfs | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jiri Popelka <jpopelka> | ||||||
Component: | firewalld | Assignee: | Eric Garver <egarver> | ||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | unspecified | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | rawhide | CC: | edgar.hoch, jonrysh, jpopelka, nobody, pahan, rcyriac, rdieter, samuel-rhbugs, steved, twoerner | ||||||
Target Milestone: | --- | Keywords: | FutureFeature | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Enhancement | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2018-08-10 14:57:35 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Jiri Popelka
2013-06-17 14:27:32 UTC
*** Bug 815645 has been marked as a duplicate of this bug. *** It's difficult to know what ports the rpcbind services will want when they boot, but firewalld expects static, unchanging rule definitions in the XML files. So for each service you care about, you /could/ plug in a script that scrapes rpcinfo and generates an xml and then have firewalld refresh, but that seems costly. A real solution would (possibly) involve allowing rpcbind some callback mechanisms to generate new rule files as it needs to as services come up, and being able to either inform firewalld that a single service xml has been generated / modified, or ... Just adding rpcbind support directly into firewalld's reading of conf files -- or some other generic plugin mechanism to allow firewalld to obtain at runtime the correct port information (from scripts or otherwise.) At the very least, users who are having issues and want a quick-fix can use the systemd hack attached. I also wrote a more generic one-per-rpcbind-service mechanism, which people might find useful for things like ypserv and ypbind as well. Created attachment 762045 [details]
generic rpcbind rule generator for firewalld
This was fixed a long time ago. firewalld ships with services; mountd, rpc-bind, nfs, nfs3 Not adding Fixed In Version because it was so long ago. |