Bug 877035 - Add config files to firewalld for vncserver
Add config files to firewalld for vncserver
Product: Fedora
Classification: Fedora
Component: firewalld (Show other bugs)
Unspecified Linux
unspecified Severity high
: ---
: ---
Assigned To: Thomas Woerner
Fedora Extras Quality Assurance
Depends On:
Blocks: F18Betappc
  Show dependency treegraph
Reported: 2012-11-15 10:10 EST by Brent Baude
Modified: 2013-02-15 07:30 EST (History)
4 users (show)

See Also:
Fixed In Version: firewalld-0.2.10-1.fc18
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-02-15 07:30:07 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Brent Baude 2012-11-15 10:10:04 EST
Description of problem:

It looks like firewalld doesn't allow vnc to work by default.  We discussed this with Thomas Woerner on Nov 15th and he asked me to file this bugz.

Version-Release number of selected component (if applicable):

How reproducible:

install vncserver and attempt to connect with firewalld running
Comment 1 Thomas Woerner 2012-11-15 11:41:31 EST
I will add a vnc-server service entry. But it will not be enabled by default.
Comment 2 Brent Baude 2012-11-19 11:18:05 EST
Thanks Thomas, when you check the change in and kick off a build, can you let us know?  Also, can you put in a comment here on how to change default off to default on just so we have some history?
Comment 3 Thomas Woerner 2012-11-20 09:37:19 EST
This is the service entry I am adding right now:

<?xml version="1.0" encoding="utf-8"?>
  <short>Virtual Network Computing Server (VNC)</short>
  <description>A VNC server provides an external accessible X session. Enable this option if you plan to provide a VNC server with direct access. The access will be possible for displays :0 to :3. If you plan to provide access with SSH, do not open this option and use the via option of the VNC viewer.</description>
  <port protocol="tcp" port="5900-5903"/>
Comment 4 Thomas Woerner 2012-11-20 11:06:01 EST
Here is the package build for F-18:


To permanently enable the vnc-server service in firewalld, use:

firewall-cmd --permanent [--zone=public] --add-service=vnc-server
firewall-cmd [--zone=public] --add-service=vnc-server

To permanently disable the vnc-server service again:

firewall-cmd --permanent [--zone=public] --remove-service=vnc-server
firewall-cmd [--zone=public] --remove-service=vnc-server

With firewalld version 0.2.10, the default zone (public) will be used if you are not using the option --zone=<zone> for permanent settings to be compatible to the non permanent options.

Using only the permanent options will enable the settings after firewalld reload or restart. If you need the settings immediately also, use the command with and without the --permanent option.
Comment 5 Thomas Woerner 2012-11-20 11:10:42 EST
If you want to enable vnc-server in a kickstart post script, you have to use firewall-offline-cmd, that is using lokkig arguments right because of anaconda:

firewall-offline-cmd --service=vnc-server

This will enable vnc-server in the default zone.

Note You need to log in before you can comment on or make changes to this bug.