Firewalld Services


I am familiar with using commands like:

firewall-cmd --permanent --add-service=http

To enable firewalld services. I am also aware that this is through xml
‘scripts’ in:

/usr/lib/firewalld/services/

But what I find interesting is what services are there and which are not. I went a’lookin with:

grep "port=" /usr/lib/firewalld/services/*|more

And found some like:

http, https, imaps, SMTP, and pop3s

What I do not find are others that I would think are ‘standard’ like:

pop3 (110) and imap (143)

I can understand 587 not being included, but imap?

I can always just add them with:

firewall-cmd --permanent --add-port=587/tcp

But I want to use the standard files. Perhaps because they are there.
Have I missed how some are handled?

thanks

One thought on - Firewalld Services

  • firewall-cmd --get-services

    Only the “most common” services, which will undoubtedly be up for interpretation and opinions will differ. https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-CentOS-7

    James has some good information here regarding precedence of service vs port-based firewalld rules and creating your own custom service definitions. https://www.hogarthuk.com/?q=node/9

    (Given your findings which I’ve not confirmed…)
    With the inclusion of pop3s, I’d expect imap, pop3, and imaps too.

    I noticed the same for SNMP. No pre-configured “service profile” so I had to use 161/udp … but it was a small thing. ;-)

    I don’t think you have. I was curious some weeks ago at the time, but had my solution with port-based and moved on to other tasks.
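
The check and the custom service definition discussed in this thread, as an added example that is not part of the original post or comment and is not firewalld's own tooling. It looks for an existing definition covering a port and writes a minimal one only when none exists. The function names and the directory parameters are assumptions made for illustration; the local override directory /etc/firewalld/services is not named in the thread.

```shell
#!/bin/sh
# Added example: directories are passed in so this can run on a scratch copy.
# Live paths: /usr/lib/firewalld/services (packaged), /etc/firewalld/services (local).

# services_for_port DIR PORT PROTO: names of definitions in DIR opening PORT/PROTO.
# Matches single ports only; a range such as port="5000-5010" is not expanded.
services_for_port() {
    dir=$1 port=$2 proto=$3
    for f in "$dir"/*.xml; do
        [ -f "$f" ] || continue
        # The <port> attributes may appear in either order.
        if grep -Eq "<port[^>]*(protocol=\"$proto\"[^>]*port=\"$port\"|port=\"$port\"[^>]*protocol=\"$proto\")" "$f"; then
            basename "$f" .xml
        fi
    done
}

# write_service DIR NAME PORT PROTO: write a minimal service definition.
write_service() {
    dir=$1 name=$2 port=$3 proto=$4
    mkdir -p "$dir" || return 1
    cat > "$dir/$name.xml" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>$name</short>
  <description>Locally defined service for $port/$proto.</description>
  <port protocol="$proto" port="$port"/>
</service>
EOF
}

# ensure_service SYSDIR LOCALDIR NAME PORT PROTO
# Reuse a definition from either directory, else create one in LOCALDIR.
ensure_service() {
    sysdir=$1 localdir=$2 name=$3 port=$4 proto=$5
    found=$( { services_for_port "$sysdir" "$port" "$proto"
               services_for_port "$localdir" "$port" "$proto"; } | head -n 1 )
    if [ -n "$found" ]; then
        echo "exists $found"
    else
        write_service "$localdir" "$name" "$port" "$proto" && echo "created $name"
    fi
}

# On a live host (as root), then load and enable the new definition:
#   ensure_service /usr/lib/firewalld/services /etc/firewalld/services imap 143 tcp
#   firewall-cmd --reload
#   firewall-cmd --permanent --add-service=imap && firewall-cmd --reload
```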