Bug 1479653 - _Load Balancer Administration_'s Add Rich Rule Example Gives Error
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: doc-Load_Balancer_Administration
Version: 7.4
Hardware: Unspecified Linux
Priority: unspecified, Severity: medium
Target Milestone: rc
Target Release: ---
Assigned To: Steven J. Levine
QA Contact: ecs-bugs
Keywords: Documentation
Reported: 2017-08-09 00:30 EDT by Bernie Hoefer
Modified: 2017-08-11 11:00 EDT
Last Closed: 2017-08-11 11:00:59 EDT
Type: Bug


Description Bernie Hoefer 2017-08-09 00:30:34 EDT
Document URL:
<https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Load_Balancer_Administration/s1-lvs-multi-VSA.html>


Section Number and Name:
3.4.1. Assigning Firewall Marks Using firewalld


Describe the issue:
The add-rich-rule example given near the end of 3.4.1 causes this error to be printed:
  Error: INVALID_RULE: attribute 'port' outside of any element.
  Use 'rule <element> port= ...'.


Suggestions for improvement:
Add "port" and "family=ipv4" into the firewall-cmd command.


Additional information:
Below is the progression of commands I had to run to get this to work, starting with what is in the _Load Balancer Administration_ document.


# firewall-cmd --add-rich-rule='rule destination address="192.168.1.19" port=80 protocol=tcp mark set="80"' --permanent
Error: INVALID_RULE: attribute 'port' outside of any element. Use 'rule <element> port= ...'.

# firewall-cmd --add-rich-rule='rule destination address="192.168.1.19" port port=80 protocol=tcp mark set="80"' --permanent
Error: MISSING_FAMILY

# firewall-cmd --add-rich-rule='rule family=ipv4 destination address="192.168.1.19" port port=80 protocol=tcp mark set="80"' --permanent
success

# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.4 (Maipo)

# rpm -qf `which firewall-cmd`
firewalld-0.4.4.4-6.el7.noarch
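
The three outcomes in the description above can be checked offline, for instance when reviewing documentation or configuration-management snippets before they reach a host. This is an added example, not part of the bug report and not firewalld code: `lint_rich_rule` and `attrs_for` are hypothetical names, and the grammar is a simplified subset that covers only the elements used in this report and mirrors the two errors firewalld 0.4.4.4 printed there.

```shell
# Added example: simplified pre-flight lint for firewalld rich rules.

# Attributes each element takes (subset assumed for this example).
attrs_for() {
  case "$1" in
    source|destination) echo "address" ;;
    port)               echo "port protocol" ;;
    mark)               echo "set" ;;
    *)                  return 1 ;;
  esac
}

# lint_rich_rule RULE: prints OK, or an error named like those in the report.
# The body runs in a subshell, so its variables and 'set -f' stay local.
lint_rich_rule() (
  set -f                       # no globbing while the rule is split into words
  element=rule pending="" family="" has_addr=0
  for tok in $1; do
    case "$tok" in
      rule) ;;                 # leading keyword
      *=*)                     # attribute: key=value
        key=${tok%%=*}
        if [ "$element" = rule ]; then
          # Between elements only the rule-level 'family' attribute is legal.
          if [ "$key" != family ]; then
            echo "INVALID_RULE: attribute '$key' outside of any element"
            exit 1
          fi
          family=${tok#*=}
        else
          case " $pending " in
            *" $key "*) ;;
            *) echo "INVALID_RULE: bad attribute '$key' for '$element'"; exit 1 ;;
          esac
          [ "$key" = address ] && has_addr=1
          rest=""
          for a in $pending; do [ "$a" = "$key" ] || rest="$rest $a"; done
          pending=$rest
          [ -n "$pending" ] || element=rule    # element complete
        fi ;;
      *)                       # bare word: must open a known element
        pending=$(attrs_for "$tok") || { echo "INVALID_RULE: unknown element '$tok'"; exit 1; }
        element=$tok ;;
    esac
  done
  # An address match needs an explicit family (the second error in the report).
  if [ "$has_addr" = 1 ] && [ -z "$family" ]; then echo MISSING_FAMILY; exit 1; fi
  echo OK
)
```

The function exits non-zero on either error, so it can gate a script that later passes the same string to `firewall-cmd --add-rich-rule`.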
Comment 2 Steven J. Levine 2017-08-09 11:03:49 EDT
Brandon:

Can you verify for me whether I can make this correction as noted?  

Steven
