CentOS 7, Systemd And Firewall-cmd


I’m having issues with an rsyncd. systemctl status rsyncd shows it running

rsyncd.service - fast remote file copy program daemon
Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled)
Active: active (running) since Wed 2015-02-25 10:57:02 EST; 4h 43min ago
Main PID: 31672 (rsync)
CGroup: /system.slice/rsyncd.service
`-31672 /usr/bin/rsync --daemon --no-detach

But firewall-cmd --list-all

public (default, active)
interfaces: em1 em2
sources:
services: dhcpv6-client mountd nfs rpc-bind samba ssh
ports: 631/udp 22/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:

And yet if I do iptables-save, it shows 873 open.

a) which should I believe, firewall-cmd or iptables-save?
b) why does firewall-cmd not show 837 open?
c) I’ve been googling, and know that I can tell firewall-cmd to open the port,
but if there’s a “correct” way, presumably one that will show rsyncd on
the services line, I’d like to do it that way.

Clues?

mark

7 thoughts on - CentOS 7, Systemd And Firewall-cmd

  • firewall-cmd --add-service=rsyncd

    To make it permanent, do the above and this:
    firewall-cmd --permanent --add-service=rsyncd

    Chris Murphy

  • Chris Murphy wrote:
    firewall-cmd --add-service=rsyncd

    Error: INVALID_SERVICE: rsyncd

    Is there another place that there needs to be an rsyncd service file, whatever it’s supposed to be named, *other* than where systemd wants it?

    mark

  • I’m on Fedora 22 Server which has this already:

    # cat /usr/lib/firewalld/services/rsyncd.xml


    Rsync in daemon mode
    Rsync in daemon mode works as a central server, in order to house centralized files and keep them synchronized.

    And also:
    # dnf provides /usr/lib/firewalld/services/rsyncd.xml
    Using metadata from Wed Feb 25 12:01:25 2015
    firewalld-0.3.13-2.fc22.noarch : A firewall daemon with D-Bus interface providing a dynamic firewall
    Repo : @System

    So I can’t tell you if this will work in your case and if there’s some way within firewall-cmd to create these service files or not.

    Chris Murphy

  • For what it’s worth, anytime --permanent is used, the change is not dynamic, firewalld needs to be restarted. So instead, do the command twice, once with and once without --permanent. The order doesn’t matter.

  • Chris Murphy wrote:

    Ok, *that’s* the missing file. I looked in both /etc/firewalld/services and /usr/lib/firewalld/services, and there’s no rsyncd in either.

    So, is this a CentOS bug, or upstream’s problem?

    mark

  • No idea. Guessing, it’s probably missing upstream because at the time firewalld was stabilizing for RHEL7 it was brand new even on Fedora. So I’ll bet a bunch of service files just aren’t created.
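
Added example, not part of the original thread and not the file Fedora ships: one way to supply the missing service definition locally in /etc/firewalld/services so that --add-service=rsyncd resolves. The function names and the --apply switch are made up for this sketch, and it assumes rsync daemon mode on its registered port, 873/tcp.

```shell
#!/bin/sh
# Added example (not from the thread): local firewalld service for rsync daemon mode.
set -eu

SERVICE_DIR=/etc/firewalld/services   # local override directory named in the thread

# Print the service definition. The short/description text is the text quoted
# in the thread; 873/tcp is the IANA-registered rsync port (assumed in use here).
render_rsyncd_service() {
cat <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Rsync in daemon mode</short>
  <description>Rsync in daemon mode works as a central server, in order to house centralized files and keep them synchronized.</description>
  <port protocol="tcp" port="873"/>
</service>
EOF
}

# Write rsyncd.xml into the given directory (default: SERVICE_DIR).
install_rsyncd_service() {
  dir=${1:-$SERVICE_DIR}
  render_rsyncd_service > "$dir/rsyncd.xml"
  chmod 0644 "$dir/rsyncd.xml"
}

# List what a service file opens, as port/protocol, for review before enabling.
# Only handles <port protocol=... port=.../> written in that attribute order.
service_ports() {
  sed -n 's/.*<port protocol="\([a-z]*\)" port="\([0-9-]*\)".*/\2\/\1/p' "$1"
}

# Make firewalld read the new file, then open the service at runtime and
# permanently (both commands, as described in the thread), and show the result.
enable_rsyncd_service() {
  firewall-cmd --reload
  firewall-cmd --add-service=rsyncd
  firewall-cmd --permanent --add-service=rsyncd
  firewall-cmd --list-all
}

case "${1:-}" in
  --apply) install_rsyncd_service; service_ports "$SERVICE_DIR/rsyncd.xml"; enable_rsyncd_service ;;
  *)       render_rsyncd_service ;;   # dry run: print the definition only
esac
```

Run as root with --apply to install and enable; without arguments it only prints the definition. Afterwards rsyncd should appear on the services line of firewall-cmd --list-all.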