Error: ws-discovery is an invalid service
Hello all:
I am seeing packets to port 3702 in my firewall log so I wanted to add a rule to drop them silently.
I tried this command:
firewall-cmd --permanent --add-rich-rule='rule service name=ws-discovery drop'
Which gives me this message:
success
But, when I do
systemctl restart firewalld
I see this entry in the log:
ERROR: INVALID_SERVICE: ws-discovery
That is strange. Any idea what went wrong?
Thank you,
Neil
--
Neil Aggarwal, (972) 834-1565, http://www.propfinancing.com
We offer 30 year loans on single family houses!
I don't think this is something included in the predefined firewalld
service rules. ie:
firewall-cmd --get-services
You should probably just make a rule for the port instead of using the
service name.
On Wed, Dec 8, 2021 at 2:37 PM Neil Aggarwal
Hello all:
I am seeing packets to port 3702 in my firewall log so I wanted to add a rule to drop them silently.
I tried this command:
firewall-cmd --permanent --add-rich-rule='rule service name=ws-discovery drop'
Which gives me this message:
success
But, when I do
systemctl restart firewalld
I see this entry in the log:
ERROR: INVALID_SERVICE: ws-discovery
That is strange. Any idea what went wrong?
Thank you,
Neil
--
Neil Aggarwal, (972) 834-1565, http://www.propfinancing.com
We offer 30 year loans on single family houses!
_______________________________________________
AlmaLinux Users mailing list -- users@lists.almalinux.org
To unsubscribe send an email to users-leave@lists.almalinux.org
--
Jonathan Wright
AlmaLinux Foundation
Mattermost: chat https://chat.almalinux.org/almalinux/messages/@jonathan
Oh, I did not realize the services recognized by firewalld are limited.
I used the port rule and it seems to be working. Thanks for the help!
Neil
--
Neil Aggarwal, (972) 834-1565, http://www.propfinancing.com
We offer 30 year loans on single family houses!
*From:* Jonathan Wright [mailto:jonathan@almalinux.org]
*Sent:* Wednesday, December 8, 2021 2:50 PM
*Cc:* users@lists.almalinux.org
*Subject:* [AlmaLinux Users] Re: Error: ws-discovery is an invalid service
I don't think this is something included in the predefined firewalld
service rules. ie:
firewall-cmd --get-services
You should probably just make a rule for the port instead of using the
service name.
Oh, I did not realize the services recognized by firewalld are limited.
It's not limited; however, it ships with a handful of common predefined services for convenience. You can find them in `/usr/lib/firewalld/services` and use them as a template and create one for `ws-discovery` if you like.

Here is an example one you could place in `/etc/firewalld/services/ws-discovery.xml` which would allow you to reference `ws-discovery` in future rules.

```
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>ws-discovery</short>
  <description>Web Services Dynamic Discovery</description>
  <port port="3702" protocol="tcp"/>
  <port port="3702" protocol="udp"/>
</service>
```

Reference: https://firewalld.org/documentation/howto/add-a-service.html

--
Cody Robertson
Chief Technical Officer, Hawk Host Inc.
cody@hawkhost.com

On Wed, Dec 8, 2021, at 4:23 PM, Neil Aggarwal wrote:
Oh, I did not realize the services recognized by firewalld are limited.
I used the port rule and it seems to be working. Thanks for the help!
Neil
-- Neil Aggarwal, (972) 834-1565, http://www.propfinancing.com We offer 30 year loans on single family houses!
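As an added example (not part of any post in this thread, and not firewalld's own code), the shell functions below check that every service named in a rich rule has a definition file before the rule is made permanent, using the rule and the XML definition posted above. The function names, the `FW_SERVICE_DIRS` variable and the script name in the usage comment are assumptions chosen for this example.

```bash
#!/usr/bin/env bash
# FW_SERVICE_DIRS defaults to the two directories mentioned in the thread.
FW_SERVICE_DIRS="${FW_SERVICE_DIRS:-/etc/firewalld/services /usr/lib/firewalld/services}"

# service_defined NAME: succeed if NAME.xml exists in a service directory.
service_defined() {
    local dir
    for dir in $FW_SERVICE_DIRS; do
        [ -f "$dir/$1.xml" ] && return 0
    done
    return 1
}

# rule_services RULE: print each service name the rich rule string refers to.
rule_services() {
    printf '%s\n' "$1" |
        grep -oE 'service[[:space:]]+name="?[A-Za-z0-9_.-]+' |
        sed -E 's/.*name="?//'
}

# undefined_services RULE: print named services that lack a definition file;
# returns 1 if any are missing (the INVALID_SERVICE case from the thread).
undefined_services() {
    local svc missing=0
    for svc in $(rule_services "$1"); do
        service_defined "$svc" && continue
        printf '%s\n' "$svc"
        missing=1
    done
    return "$missing"
}

# write_ws_discovery DIR: write the definition posted in the thread into DIR.
write_ws_discovery() {
    cat > "$1/ws-discovery.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>ws-discovery</short>
  <description>Web Services Dynamic Discovery</description>
  <port port="3702" protocol="tcp"/>
  <port port="3702" protocol="udp"/>
</service>
EOF
}

# Usage (hypothetical script name): ./check-rule.sh "rule service name=ws-discovery drop"
if [ "$#" -gt 0 ]; then
    undefined_services "$*"
fi
```

firewalld reads new files in `/etc/firewalld/services` on `firewall-cmd --reload`, after which `firewall-cmd --get-services` should list `ws-discovery`.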
This seems like a strange design decision to me. All of that information is already in /etc/services so it seems unnecessary to duplicate it.
Thank you,
Neil
--
Neil Aggarwal, (972) 834-1565, http://www.propfinancing.com
We offer 30 year loans on single family houses!
-----Original Message-----
From: Cody Robertson [mailto:cody@hawkhost.com]
Sent: Wednesday, December 8, 2021 4:19 PM
To: users@lists.almalinux.org
Subject: [AlmaLinux Users] Re: Error: ws-discovery is an invalid service
Oh, I did not realize the services recognized by firewalld are limited.
It's not limited; however, it ships with a handful of common predefined services for convenience. You can find them in `/usr/lib/firewalld/services` and use them as a template and create one for `ws-discovery` if you like. Here is an example one you could place in `/etc/firewalld/services/ws-discovery.xml` which would allow you to reference `ws-discovery` in future rules.
participants (3)
- Cody Robertson
- Jonathan Wright
- Neil Aggarwal