Bug 877035 - Add config files to firewalld for vncserver
Summary: Add config files to firewalld for vncserver
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: firewalld
Version: 18
Hardware: Unspecified
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: F18Betappc
Reported: 2012-11-15 15:10 UTC by Brent Baude
Modified: 2013-02-15 12:30 UTC (History)

Fixed In Version: firewalld-0.2.10-1.fc18
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-02-15 12:30:07 UTC
Type: Bug
Embargoed:


Description Brent Baude 2012-11-15 15:10:04 UTC
Description of problem:

It looks like firewalld doesn't allow vnc to work by default.  We discussed this with Thomas Woerner on Nov 15th and he asked me to file this bugz.

Version-Release number of selected component (if applicable):
firewalld-0.2.9-1.fc18.noarch

How reproducible:

install vncserver and attempt to connect with firewalld running

Comment 1 Thomas Woerner 2012-11-15 16:41:31 UTC
I will add a vnc-server service entry. But it will not be enabled by default.

Comment 2 Brent Baude 2012-11-19 16:18:05 UTC
Thanks Thomas, when you check the change in and kick off a build, can you let us know?  Also, can you put in a comment here on how to change default off to default on just so we have some history?

Comment 3 Thomas Woerner 2012-11-20 14:37:19 UTC
This is the service entry I am adding right now:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Virtual Network Computing Server (VNC)</short>
  <description>A VNC server provides an external accessible X session. Enable this option if you plan to provide a VNC server with direct access. The access will be possible for displays :0 to :3. If you plan to provide access with SSH, do not open this option and use the via option of the VNC viewer.</description>
  <port protocol="tcp" port="5900-5903"/>
</service>
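
The following is an added example, not part of the original comment or of firewalld: it parses a service definition like the one above and reports which VNC displays its TCP port range makes reachable, so that a session started on a display outside :0 to :3 is noticed before someone tries to connect. The function names and the sample display numbers are assumptions made for illustration; the display-to-port mapping (display :N on TCP port 5900+N) is the one the description relies on.

```python
# Added example: which VNC displays does a firewalld service file open?
import xml.etree.ElementTree as ET

VNC_BASE_PORT = 5900  # display :N listens on TCP port 5900 + N

# Service entry from Comment 3, embedded so the example runs offline.
SERVICE_XML = b"""<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Virtual Network Computing Server (VNC)</short>
  <!-- description omitted for brevity -->
  <port protocol="tcp" port="5900-5903"/>
</service>
"""


def open_ports(service_xml, protocol="tcp"):
    """Return the set of ports the service file opens for one protocol."""
    root = ET.fromstring(service_xml)
    if root.tag != "service":
        raise ValueError("not a firewalld service definition")
    ports = set()
    for el in root.findall("port"):
        spec = el.get("port", "")
        if el.get("protocol") != protocol or not spec:
            continue
        first, _, last = spec.partition("-")  # "5900-5903" or a single "5900"
        lo, hi = int(first), int(last or first)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port spec: {spec!r}")
        ports.update(range(lo, hi + 1))
    return ports


def exposed_displays(service_xml):
    """List the display numbers reachable once the service is enabled."""
    return sorted(p - VNC_BASE_PORT for p in open_ports(service_xml) if p >= VNC_BASE_PORT)


def display_coverage(service_xml, displays):
    """Map each display number to True if its port is opened by the service."""
    ports = open_ports(service_xml)
    return {d: (VNC_BASE_PORT + d) in ports for d in displays}


if __name__ == "__main__":
    print("displays reachable:", exposed_displays(SERVICE_XML))
    # Displays 1 and 5 are constructed sample values for sessions on a host.
    for d, ok in display_coverage(SERVICE_XML, [1, 5]).items():
        print(f":{d} (tcp/{VNC_BASE_PORT + d}) ->", "open" if ok else "not opened by vnc-server")
```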

Comment 4 Thomas Woerner 2012-11-20 16:06:01 UTC
Here is the package build for F-18:

http://koji.fedoraproject.org/koji/buildinfo?buildID=367821


To permanently enable the vnc-server service in firewalld, use:

firewall-cmd --permanent [--zone=public] --add-service=vnc-server
firewall-cmd [--zone=public] --add-service=vnc-server

To permanently disable the vnc-server service again:

firewall-cmd --permanent [--zone=public] --remove-service=vnc-server
firewall-cmd [--zone=public] --remove-service=vnc-server

With firewalld version 0.2.10, the default zone (public) will be used if you are not using the option --zone=<zone> for permanent settings, to be compatible with the non-permanent options.

Using only the permanent options will enable the settings after firewalld reload or restart. If you need the settings immediately also, use the command with and without the --permanent option.

Comment 5 Thomas Woerner 2012-11-20 16:10:42 UTC
If you want to enable vnc-server in a kickstart post script, you have to use firewall-offline-cmd, that is using lokkit arguments right because of anaconda:

firewall-offline-cmd --service=vnc-server

This will enable vnc-server in the default zone.
