Bug 1563629 - RFE: Not able to add any description for particular port via "firewall-cmd" command
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: firewalld
Version: 8.1
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: 8.1
Assignee: Eric Garver
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Duplicates: 1739421
Depends On: 1682341
Blocks:
Reported: 2018-04-04 11:09 UTC by Nakul Dev
Modified: 2021-04-13 14:42 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:


Description Nakul Dev 2018-04-04 11:09:35 UTC
Description of problem:

There is no option to add a description for a port added via the "firewall-cmd" command.

Tried to add the description by manually editing the files, but it's getting overwritten while we add the next rule via "firewall-cmd" command.

This specific request is for adding multiple with a proper description for each of them, which was there in IPtables.

Version-Release number of selected component (if applicable):

# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.4 (Maipo)

Booted Kernel: 3.10.0-693.11.6.el7.x86_64

# rpm -qa  firewalld
firewalld-0.4.4.4-6.el7.noarch

How reproducible:

There are no options available to set the "description" together with the command to add port.

Steps to Reproduce:
1. Add the port with "--set-description" option:

==========================================================
# firewall-cmd --permanent --set-description="needed for OSI application" --add-port=3348/tcp
success

# cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="3348"/> <<-----
</zone>
==========================================================

Port got added to the "public.xml" file but there are no descriptions.


2. Tried to add the description manually to the configuration file:

======================================================
# cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="3523"/> # needed for OSI application <<<---------
</zone>


 # firewall-cmd --permanent --add-port=3344/tcp
success


 # cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="3523"/>
  <port protocol="tcp" port="3344"/>
</zone>
======================================================


Actual results:

There is no description being set for any of the ports with "--set-description" option.


Expected results:

There should be some option to set a description for each port as per the user requirement.


Additional info:

We do have the option to set the description for particular service, zones, helper, ipset, icmptype which would be added to the corresponding ".xml" files.

Comment 3 Eric Garver 2018-04-04 13:45:44 UTC
The firewalld way for this is to create a custom service and add it to the zone. The service name can provide context and the short can provide further information.
e.g.

  # firewall-cmd --permanent --new-service=foobar
  # firewall-cmd --permanent --service=foobar --set-short="this is my description of foobar"
  # firewall-cmd --permanent --service=foobar --add-port=3384/tcp
  # firewall-cmd --permanent --add-service foobar

  # firewall-cmd --permanent --list-all
  public
    ... 
    services: dhcpv6-client ssh foobar

  # firewall-cmd --permanent --service=foobar --get-short
  this is my description of foobar
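
An added example, not part of the original thread and not firewalld code: a small audit that reads a zone file and reports which opened ports carry a description through a custom service (as in comment 3) and which are bare `<port>` entries with none. The function names `audit_zone` and `undocumented_ports`, and the embedded XML, are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a zone like the one in the report, referencing the
# "foobar" service from comment 3 and keeping two bare <port> entries.
ZONE_XML = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="foobar"/>
  <port protocol="tcp" port="3523"/> # needed for OSI application
  <port protocol="tcp" port="3344"/>
</zone>"""
# Constructed service definition; "ssh" is left out on purpose to show the
# case where a referenced service file was not supplied to the audit.
SERVICES = {"foobar": """<service>
  <short>this is my description of foobar</short>
  <port protocol="tcp" port="3384"/>
</service>"""}

def port_id(el):
    return f'{el.get("port")}/{el.get("protocol")}'

def audit_zone(zone_xml, service_defs):
    """Return one record per <port>/<service> entry of a zone file."""
    records = []
    for el in ET.fromstring(zone_xml.encode("utf-8")):
        if el.tag == "port":
            # Text trailing a <port/> element is not a description field; the
            # report shows such a note is gone after the next firewall-cmd run.
            note = (el.tail or "").strip() or None
            records.append({"port": port_id(el), "source": "zone",
                            "description": None, "stray_note": note})
        elif el.tag == "service":
            name = el.get("name")
            if name not in service_defs:  # definition not available to audit
                records.append({"port": None, "source": f"service:{name}",
                                "description": None, "stray_note": None})
                continue
            svc = ET.fromstring(service_defs[name].encode("utf-8"))
            for p in svc.findall("port"):
                records.append({"port": port_id(p), "source": f"service:{name}",
                                "description": svc.findtext("short"),
                                "stray_note": None})
    return records

def undocumented_ports(records):
    """Ports opened directly in the zone, with no durable description."""
    return [r["port"] for r in records if r["port"] and not r["description"]]

if __name__ == "__main__":
    for rec in audit_zone(ZONE_XML, SERVICES):
        print(rec)
    print("undocumented:", undocumented_ports(audit_zone(ZONE_XML, SERVICES)))
```

Ports listed as undocumented are candidates for moving into a named service so the reason they are open stays recorded in the configuration.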

Comment 10 Amol Jawarkar 2018-05-24 16:05:01 UTC
Hi,

Just wanted to check if there is any progress on this RFE.

Comment 11 Eric Garver 2018-05-24 18:40:54 UTC
(In reply to Amol Jawarkar from comment #10)
> Hi,
> 
> Just wanted to check if there is any progress on this RFE.

No progress nor estimate of when it'll be done.

Comment 21 Sangam 2020-04-21 02:42:45 UTC
*** Bug 1739421 has been marked as a duplicate of this bug. ***

