Description of problem: Please add a service file for dhcp-server dhcp: port 67 udp proxydhcp: port 4011 udp Proxydhcp is useful for pxe environments. http://en.wikipedia.org/wiki/Preboot_Execution_Environment Version-Release number of selected component (if applicable): firewalld-0.3.3-2.fc19.noarch
Hi Stefan, (In reply to Stefan Assmann from comment #0) > Please add a service file for dhcp-server > dhcp: port 67 udp In bug #917866, comment #1 I wrote: I don't think we need the same for DHCPv4 server because ISC DHCP(v4) makes use of raw sockets which bypass firewall completely, see https://deepthought.isc.org/article/AA-00378/0/Why-does-DHCP-use-raw-sockets.html > proxydhcp: port 4011 udp Yes, I can add it, but are you sure it's actually needed and it's not the same case as pure DHCPv4 ?
Hi Jiri, in my testing for PXE it actually makes a difference, I have # firewall-cmd --list-ports 69/udp 67/udp 4011/udp 67 is for dhcp 69 is for tftp 4011 is for proxy-dhcp If I remove port 67 and I try to PXE boot a client exactly nothing happens. And if I remove 4011 it breaks as well. Note: I'm using dnsmasq + tftp here. Maybe it's different for dhcpd? Alternatively, we could name it pxe-server instead of dhcp-server. What do you think?
(In reply to Stefan Assmann from comment #2) > If I remove port 67 and I try to PXE boot a client exactly nothing happens. > And if I remove 4011 it breaks as well. > Note: I'm using dnsmasq + tftp here. Maybe it's different for dhcpd? Ok, thanks, that's sufficient. It looks like we need both of them then.
https://git.fedorahosted.org/cgit/firewalld.git/commit/?id=e9f022ae5e14e829b96a5bb3e0b53bf1b42c8ed6
firewalld-0.3.4-1.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/firewalld-0.3.4-1.fc19
Package firewalld-0.3.4-1.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing firewalld-0.3.4-1.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-14046/firewalld-0.3.4-1.fc19 then log in and leave karma (feedback).
firewalld-0.3.4-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.