8 Dec
2021
8 Dec
'21
4:19 p.m.
Oh, I did not realize the services recognized by firewalld is limited.
It's not limited however it ships with a handful of common predefined services for convenience. You can find them in `/usr/lib/firewalld/services` and use them as a template and create one for `ws-discovery` if you like. Here is an example one you could place in `/etc/firewalld/services/ws-discovery.xml` which would allow you to refernece `ws-discovery` in future rules.
``` <?xml version="1.0" encoding="utf-8"?> <service> <short>ws-discovery</short> <description>Web Services Dynamic Discovery</description> <port port="3702" protocol="tcp"/> <port port="3702" protocol="udp"/> </service> ```
Reference: https://firewalld.org/documentation/howto/add-a-service.html
--
Cody Robertson
Chief Technical Officer, Hawk Host Inc.
cody@hawkhost.com
On Wed, Dec 8, 2021, at 4:23 PM, Neil Aggarwal wrote:
> Oh, I did not realize the services recognized by firewalld is limited.
>
> I used the port rule and it seems to be working. Thanks for the help!
>
> Neil
>
> --
> Neil Aggarwal, (972) 834-1565, http://www.propfinancing.com
> We offer 30 year loans on single family houses!
>
> *From:* Jonathan Wright [mailto:jonathan@almalinux.org]
> *Sent:* Wednesday, December 8, 2021 2:50 PM
> *Cc:* users@lists.almalinux.org
> *Subject:* [AlmaLinux Users] Re: Error: ws-discovery is an invalid service
>
> I don't think this is something included in the predefined firewalld
> service rules. ie:
>
> firewall-cmd --get-services
>
> You should probably just make a rule for the port instead of using the
> service name.
>
> On Wed, Dec 8, 2021 at 2:37 PM Neil Aggarwal neil@propfinancing.com wrote:
>> Hello all:
>>
>> I am seeing packets to port 3702 in my firewall log so I wanted
>> to add a rule to drop them silently.
>>
>> I tried this command:
>> firewall-cmd --permanent --add-rich-rule='rule service name=ws-discovery drop'
>>
>> Which give me this message:
>> success
>>
>> But, when I do
>> systemctl restart firewalld
>>
>> I see this entry in the log:
>> ERROR: INVALID_SERVICE: ws-discovery
>>
>> That is strange. Any idea what went wrong?
>>
>> Thank you,
>> Neil
>>
>> --
>> Neil Aggarwal, (972) 834-1565, http://www.propfinancing.com
>> We offer 30 year loans on single family houses!
>>
>> _______________________________________________
>> AlmaLinux Users mailing list -- users@lists.almalinux.org
>> To unsubscribe send an email to users-leave@lists.almalinux.org
>
>
> --
> Jonathan Wright
> AlmaLinux Foundation
> Mattermost: chat https://chat.almalinux.org/almalinux/messages/@jonathan
> _______________________________________________
> AlmaLinux Users mailing list -- users@lists.almalinux.org
> To unsubscribe send an email to users-leave@lists.almalinux.org