Red Hat Bugzilla – Bug 986947
RFE firewalld: add service for dhcp/proxy-dhcp server
Last modified: 2013-08-03 20:09:41 EDT
Description of problem:
Please add a service file for dhcp-server
dhcp: port 67 udp
proxydhcp: port 4011 udp
Proxydhcp is useful for pxe environments.
Version-Release number of selected component (if applicable):
(In reply to Stefan Assmann from comment #0)
> Please add a service file for dhcp-server
> dhcp: port 67 udp
In bug #917866, comment #1 I wrote:
I don't think we need the same for DHCPv4 server because ISC DHCP(v4) makes use of raw sockets which bypass firewall completely, see
> proxydhcp: port 4011 udp
Yes, I can add it, but are you sure it's actually needed and it's not the same case as pure DHCPv4 ?
in my testing for PXE it actually makes a difference, I have
# firewall-cmd --list-ports
69/udp 67/udp 4011/udp
67 is for dhcp
69 is for tftp
4011 is for proxy-dhcp
If I remove port 67 and I try to PXE boot a client exactly nothing happens.
And if I remove 4011 it breaks as well.
Note: I'm using dnsmasq + tftp here. Maybe it's different for dhcpd?
Alternatively, we could name it pxe-server instead of dhcp-server. What do you think?
(In reply to Stefan Assmann from comment #2)
> If I remove port 67 and I try to PXE boot a client exactly nothing happens.
> And if I remove 4011 it breaks as well.
> Note: I'm using dnsmasq + tftp here. Maybe it's different for dhcpd?
Ok, thanks, that's sufficient.
It looks like we need both of them then.
firewalld-0.3.4-1.fc19 has been submitted as an update for Fedora 19.
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing firewalld-0.3.4-1.fc19'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
firewalld-0.3.4-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.