Bug 1506848 - The default firewall for Modular Server disallows access to Cockpit
Summary: The default firewall for Modular Server disallows access to Cockpit
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: fedora-modular-release
Version: 27
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Stephen Gallagher
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1492240
TreeView+ depends on / blocked
 
Reported: 2017-10-27 01:20 UTC by Stephen Gallagher
Modified: 2017-10-28 11:08 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2017-10-28 11:08:26 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Stephen Gallagher 2017-10-27 01:20:20 UTC 
Description of problem:
One of the requirements for Server Edition is that Cockpit must be accessible after a default installation from the install media. The current firewall configuration disallows access to the Cockpit port (9090).

Version-Release number of selected component (if applicable):
fedora-modular-release-27-6.module_8a5444d0.noarch

How reproducible:
Every time

Steps to Reproduce:
1. Install Fedora Modular Server
2. Log in locally
3. Run `firewall-cmd --list-all`

Actual results:
"cockpit" is not listed as an accessible service

Expected results:
"cockpit" should be allowed by the default firewall rules.

Additional info:
Comment 1 Stephen Gallagher 2017-10-27 12:57:57 UTC 
The new version of the fedora-modular-release package now reports itself with VARIANT_ID=server. This should indicate to firewalld that it should use the Fedora Server default firewall which allows Cockpit.
Comment 2 Stephen Gallagher 2017-10-28 11:08:26 UTC 
Confirmed fixed in compose Fedora-Modular-27-20171027.n.2

```
[root@fonts ~]# firewall-cmd --list-all
FedoraServer (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens3
  sources: 
  services: ssh dhcpv6-client cockpit
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

```
Note You need to log in before you can comment on or make changes to this bug.