Red Hat Bugzilla – Bug 877035
Add config files to firewalld for vncserver
Last modified: 2013-02-15 07:30:07 EST
Description of problem:
It looks like firewalld doesn't allow vnc to work by default. We discussed this with Thomas Woerner on Nov 15th and he asked me to file this bugz.
Version-Release number of selected component (if applicable):
install vncserver and attempt to connect with firewalld running
I will add a vnc-server service entry. But it will not be enabled by default.
Thanks Thomas, when you check the change in and kick off a build, can you let us know? Also, can you put in a comment here on how to change default off to default on just so we have some history?
This is the service entry I am adding right now:
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Virtual Network Computing Server (VNC)</short>
  <description>A VNC server provides an external accessible X session. Enable this option if you plan to provide a VNC server with direct access. The access will be possible for displays :0 to :3. If you plan to provide access with SSH, do not open this option and use the via option of the VNC viewer.</description>
  <port protocol="tcp" port="5900-5903"/>
</service>
Here is the package build for F-18:
To permanently enable the vnc-server service in firewalld, use:
firewall-cmd --permanent [--zone=public] --add-service=vnc-server
firewall-cmd [--zone=public] --add-service=vnc-server
To permanently disable the vnc-server service again:
firewall-cmd --permanent [--zone=public] --remove-service=vnc-server
firewall-cmd [--zone=public] --remove-service=vnc-server
With firewalld version 0.2.10, the default zone (public) will be used if you are not using the option --zone=<zone> for permanent settings, to be compatible with the non-permanent options.
Using only the permanent options will enable the settings after firewalld reload or restart. If you also need the settings immediately, use the command with and without the --permanent option.
If you want to enable vnc-server in a kickstart post script, you have to use firewall-offline-cmd, which is using lokkit arguments right now because of anaconda:
This will enable vnc-server in the default zone.
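The following added example, which is not code from this bug report or from firewalld, parses the service entry above and compares the TCP ports it opens with the VNC displays a host actually serves, so that unused open ports and unreachable displays both show up. The function names and the displays-in-use sets are assumptions made for illustration; the description element is omitted from the embedded XML for brevity.

```python
import xml.etree.ElementTree as ET

VNC_BASE_PORT = 5900  # display :N listens on TCP 5900 + N

# Service entry from this bug (description omitted), wrapped in the <service>
# root element that firewalld service files use.
VNC_SERVICE_XML = b"""<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Virtual Network Computing Server (VNC)</short>
  <port protocol="tcp" port="5900-5903"/>
</service>
"""


def opened_ports(service_xml):
    """Return the sorted (protocol, port) pairs a service definition opens."""
    root = ET.fromstring(service_xml)
    if root.tag != "service":
        raise ValueError("root element is <%s>, expected <service>" % root.tag)
    ports = set()
    for elem in root.findall("port"):
        spec = (elem.get("port") or "").strip()
        if not spec:  # entry without a port number: nothing to enumerate
            continue
        first, _, last = spec.partition("-")
        lo, hi = int(first), int(last or first)
        if not 0 < lo <= hi <= 65535:
            raise ValueError("bad port range: %r" % spec)
        ports.update((elem.get("protocol"), p) for p in range(lo, hi + 1))
    return sorted(ports)


def audit_vnc_exposure(service_xml, displays_in_use):
    """Compare the TCP ports opened with the VNC displays actually served."""
    opened = {p for proto, p in opened_ports(service_xml) if proto == "tcp"}
    needed = {VNC_BASE_PORT + d for d in displays_in_use}
    return {
        "displays_reachable": sorted(
            p - VNC_BASE_PORT for p in opened if p >= VNC_BASE_PORT),
        "blocked": sorted(needed - opened),  # displays the firewall will not pass
        "excess": sorted(opened - needed),   # open ports with no display behind them
    }


if __name__ == "__main__":
    # Constructed scenarios: only display :1 is served; then :1 and :4.
    print(audit_vnc_exposure(VNC_SERVICE_XML, {1}))
    print(audit_vnc_exposure(VNC_SERVICE_XML, {1, 4}))
```
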