CentOS 7, Systemd And Firewall-cmd
I’m having issues with an rsyncd. systemctl status rsyncd shows it running
rsyncd.service - fast remote file copy program daemon
Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled)
Active: active (running) since Wed 2015-02-25 10:57:02 EST; 4h 43min ago
Main PID: 31672 (rsync)
CGroup: /system.slice/rsyncd.service
`-31672 /usr/bin/rsync --daemon --no-detach
But firewall-cmd --list-all
public (default, active)
interfaces: em1 em2
sources:
services: dhcpv6-client mountd nfs rpc-bind samba ssh
ports: 631/udp 22/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
And yet if I do iptables-save, it shows 873 open.
a) which should I believe, firewall-cmd or iptables-save?
b) why does firewall-cmd not show 837 open?
c) I’ve been googling, and know that I can tell firewall-cmd to open the port,
but if there’s a “correct” way, presumably one that will show rsyncd on
the services line, I’d like to do it that way.
Clues?
mark
7 thoughts on - CentOS 7, Systemd And Firewall-cmd
firewall-cmd --add-service=rsyncd
To make it permanent, do the above and this:
firewall-cmd --permanent --add-service=rsyncd
Chris Murphy
Chris Murphy wrote:
firewall-cmd --add-service=rsyncd
Error: INVALID_SERVICE: rsyncd
Is there another place that there needs to be an rsyncd service file, whatever it’s supposed to be named, *other* than where systemd wants it?
mark
You can also specify the port
firewall-cmd --permanent --add-port=/tcp
I’m on Fedora 22 Server which has this already:
# cat /usr/lib/firewalld/services/rsyncd.xml
Rsync in daemon mode
Rsync in daemon mode works as a central server, in order to house centralized files and keep them synchronized.
And also:
# dnf provides /usr/lib/firewalld/services/rsyncd.xml
Using metadata from Wed Feb 25 12:01:25 2015
firewalld-0.3.13-2.fc22.noarch : A firewall daemon with D-Bus interface providing a dynamic firewall
Repo : @System
So I can’t tell you if this will work in your case and if there’s some way within firewall-cmd to create these service files or not.
Chris Murphy
For what it’s worth, anytime --permanent is used, the change is not dynamic, firewalld needs to be restarted. So instead, do the command twice, once with and once without --permanent. The order doesn’t matter.
Chris Murphy wrote:
Ok, *that’s* the missing file. I looked in both /etc/firewalld/services and /usr/lib/firewalld/services, and there’s no rsyncd in either.
So, is this a CentOS bug, or upstream’s problem?
mark
No idea. Guessing, it’s probably missing upstream because at the time firewalld was stabilizing for RHEL7 it was brand new even on Fedora. So I’ll bet a bunch of service files just aren’t created.
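A local service definition of the kind found missing in this thread can be written under /etc/firewalld/services, after which --add-service=rsyncd is accepted and rsyncd appears on the services line. The following is an added example, not part of the original posts and not firewalld's own file: the function names and description text are hypothetical, and 873/tcp is assumed from the port the thread sees open and rsync's default daemon port.

```shell
#!/bin/sh
# Added example: create a local firewalld service definition.
# write_fw_service NAME PORT PROTO [DIR]  (DIR defaults to /etc/firewalld/services)
write_fw_service() {
    name=$1 port=$2 proto=$3 dir=${4:-/etc/firewalld/services}
    # The service name becomes a file name: allow only a conservative character set.
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "bad service name: $name" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    case $proto in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    file=$dir/$name.xml
    # Do not silently replace a definition an admin already put there.
    if [ -e "$file" ]; then
        echo "refusing to overwrite $file" >&2; return 1
    fi
    cat > "$file" <<EOF || return 1
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>$name</short>
  <description>Local definition for $name ($port/$proto)</description>
  <port protocol="$proto" port="$port"/>
</service>
EOF
    chmod 0644 "$file"
}

# enable_fw_service NAME  (needs root and a running firewalld)
enable_fw_service() {
    firewall-cmd --reload &&                        # pick up the new XML file
    firewall-cmd --permanent --add-service="$1" &&  # stored configuration
    firewall-cmd --add-service="$1" &&              # running configuration
    firewall-cmd --list-services                    # confirm the name is listed
}

# As root: write_fw_service rsyncd 873 tcp && enable_fw_service rsyncd
```

Opening the port by service name rather than by bare number keeps the intent visible in firewall-cmd --list-all, which is what the original question asked for.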