This bug has been migrated to another issue tracking site. It has been closed here and may no longer be being monitored.

If you would like to get updates for this issue, or to participate in it, you may do so at Red Hat Issue Tracker.
Bug 1563629 - RFE: Not able to add any description for particular port via "firewall-cmd" command
Keywords:
Status: CLOSED MIGRATED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: firewalld
Version: 8.1
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: 8.1
Assignee: Eric Garver
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Duplicates: 1739421
Depends On: 1682341
Blocks:
Reported: 2018-04-04 11:09 UTC by Nakul Dev
Modified: 2023-11-08 01:43 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-09-21 10:14:51 UTC
Type: Story
Target Upstream Version:
Embargoed:



Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker   RHEL-5789 0 None Migrated None 2023-11-08 01:43:03 UTC

Internal Links: 1739421

Description Nakul Dev 2018-04-04 11:09:35 UTC
Description of problem:

Not having any option to add a description for a port added via "firewall-cmd" command.

Tried to add the description by manually editing the files, but it's getting overwritten while we add the next rule via "firewall-cmd" command.

This specific request is for adding multiple with a proper description for each of them, which was there in IPtables.

Version-Release number of selected component (if applicable):

# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.4 (Maipo)

Booted Kernel: 3.10.0-693.11.6.el7.x86_64

# rpm -qa  firewalld
firewalld-0.4.4.4-6.el7.noarch

How reproducible:

There are no options available to set the "description" together with the command to add port.

Steps to Reproduce:
1. Add the port with "--set-description" option:

==========================================================
# firewall-cmd --permanent --set-description="needed for OSI application" --add-port=3348/tcp
success

# cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="3348"/> <<-----
</zone>
==========================================================

Port got added to the "public.xml" file but there are no descriptions.


2. Tried to add the description manually to the configuration file:

======================================================
# cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="3523"/> # needed for OSI application <<<---------
</zone>


 # firewall-cmd --permanent --add-port=3344/tcp
success


 # cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="3523"/>
  <port protocol="tcp" port="3344"/>
</zone>
======================================================


Actual results:

There is no description being set for any of the ports with "--set-description" option.


Expected results:

There should be some option to set a description for each port as per the user requirement.


Additional info:

We do have the option to set the description for particular service, zones, helper, ipset, icmptype which would be added to the corresponding ".xml" files.

Comment 3 Eric Garver 2018-04-04 13:45:44 UTC
The firewalld way for this is to create a custom service and add it to the zone. The service name can provide context and the short can provide further information.
e.g.

  # firewall-cmd --permanent --new-service=foobar
  # firewall-cmd --permanent --service=foobar --set-short="this is my description of foobar"
  # firewall-cmd --permanent --service=foobar --add-port=3384/tcp
  # firewall-cmd --permanent --add-service foobar

  # firewall-cmd --permanent --list-all
  public
    ... 
    services: dhcpv6-client ssh foobar

  # firewall-cmd --permanent --service=foobar --get-short
  this is my description of foobar
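
The workaround from comment 3 applied to a zone file like the one in the description, as an added example that is not part of the bug report or of firewalld's own code: it lists ports opened directly in a zone, recovers any hand-written trailing note, and builds the `firewall-cmd` calls that move each annotated port into a custom service carrying that note as its short. The zone XML is a constructed sample, the service name `osi-app` is hypothetical, and `--remove-port` (firewall-cmd's counterpart to `--add-port`) does not appear in the thread.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample modelled on the zone file in the description:
# one port carries a hand-written trailing note, one has none.
ZONE_XML = b"""<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="3523"/> # needed for OSI application
  <port protocol="tcp" port="3344"/>
</zone>
"""

def bare_ports(zone_xml):
    """Return (port, protocol, note) for each <port> directly under <zone>.

    The note is the free text trailing the element, which is not part of
    the zone schema and disappears when firewalld rewrites the file.
    """
    root = ET.fromstring(zone_xml)
    found = []
    for el in root.findall("port"):
        note = (el.tail or "").strip().lstrip("#").strip()
        found.append((el.get("port"), el.get("protocol"), note))
    return found

def migration_commands(zone_xml, names):
    """Build firewall-cmd argv lists that move annotated ports into services.

    names maps "port/proto" to a caller-chosen service name (hypothetical).
    Ports without a note or a name are skipped and left for manual review.
    """
    cmds = []
    for port, proto, note in bare_ports(zone_xml):
        key = f"{port}/{proto}"
        svc = names.get(key)
        if not svc or not note:
            continue
        base = ["firewall-cmd", "--permanent"]
        cmds.append(base + [f"--new-service={svc}"])
        cmds.append(base + [f"--service={svc}", f"--set-short={note}"])
        cmds.append(base + [f"--service={svc}", f"--add-port={key}"])
        cmds.append(base + [f"--add-service={svc}"])
        cmds.append(base + [f"--remove-port={key}"])  # drop the bare entry
    return cmds

if __name__ == "__main__":
    for argv in migration_commands(ZONE_XML, {"3523/tcp": "osi-app"}):
        print(shlex.join(argv))  # quoted for pasting; not executed here
```

Ports returned by `bare_ports` with an empty note are the undocumented openings an audit of the zone would need to chase down.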

Comment 10 Amol Jawarkar 2018-05-24 16:05:01 UTC
Hi,

Just wanted to check, if there is any progress on this RFE.

Comment 11 Eric Garver 2018-05-24 18:40:54 UTC
(In reply to Amol Jawarkar from comment #10)
> Hi,
> 
> Just wanted to check, if there is any progress on this RFE.

No progress nor estimate of when it'll be done.

Comment 21 Sangam 2020-04-21 02:42:45 UTC
*** Bug 1739421 has been marked as a duplicate of this bug. ***

Comment 28 RHEL Program Management 2023-09-21 10:09:48 UTC
Issue migration from Bugzilla to Jira is in process at this time. This will be the last message in Jira copied from the Bugzilla bug.

Comment 29 RHEL Program Management 2023-09-21 10:14:51 UTC
This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there.

Due to differences in account names between systems, some fields were not replicated.  Be sure to add yourself to Jira issue's "Watchers" field to continue receiving updates and add others to the "Need Info From" field to continue requesting information.

To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "RHEL-" followed by an integer.  You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like:

"Bugzilla Bug" = 1234567

In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues. You can also visit https://access.redhat.com/articles/7032570 for general account information.
