On Mon, Dec 28, 2015 at 4:22 PM, Robert Moskowitz <r...@htt-consult.com> wrote:
> I am familiar with using commands like:
>
> firewall-cmd --permanent --add-service=http
>
> To enable firewalld services. I am also aware that this is through xml
> 'scripts' in:
>
> /usr/lib/firewalld/services/
>
> But what I find interesting is what services are there and which are not.
> I went a'lookin with:
>
> grep "port=" /usr/lib/firewalld/services/*|more
>

firewall-cmd --get-services

Only the "most common" services, which will undoubtedly be up for
interpretation and opinions will differ.
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7

James has some good information here regarding precedence of service vs
port-based firewalld rules and creating your own custom service definitions.
https://www.hogarthuk.com/?q=node/9

> And found some like:
>
> http, https, imaps, smtp, and pop3s
>
> What I do not find are others that I would think are 'standard' like:
>
> pop3 (110) and imap (143)
>

(Given your findings which I've not confirmed...)
With the inclusion of pop3s, I'd expect imap, pop3, and imaps too.

> I can understand 587 not being included, but imap?
>
> I can always just add them with:
>
> firewall-cmd --permanent --add-port=587/tcp
>

I noticed the same for SNMP. No pre-configured "service profile" so I had
to use 161/udp ... but it was a small thing. ;-)

> But I want to use the standard files. Perhaps because they are there.
> Have I missed how some are handled?
>

I don't think you have.
I was curious some weeks ago at the time, but had my solution with
port-based and moved on to other tasks.

--
---~~.~~---
Mike
// SilverTip257 //
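
The custom service definitions mentioned in the reply above, as an added example that is not part of the original message or of firewalld itself: a small script that writes service XML files for the ports the thread found missing (imap 143/tcp, pop3 110/tcp, snmp 161/udp). The function name write_service, the --install switch and the short/description strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate local firewalld service definitions.
# Files in /etc/firewalld/services take precedence over the packaged ones
# in /usr/lib/firewalld/services.

# write_service DIR NAME SHORT DESCRIPTION PORT/PROTO...
# Writes DIR/NAME.xml in firewalld's service XML format.
# SHORT and DESCRIPTION are written as-is; keep them free of XML metacharacters.
write_service() {
    dir=$1; name=$2; short=$3; desc=$4
    shift 4
    # Validate every port spec before touching the file system.
    for spec in "$@"; do
        port=${spec%/*}; proto=${spec#*/}
        case $proto in tcp|udp) ;; *) echo "bad protocol: $spec" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port: $spec" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $spec" >&2; return 1; }
    done
    {
        echo '<?xml version="1.0" encoding="utf-8"?>'
        echo '<service>'
        echo "  <short>$short</short>"
        echo "  <description>$desc</description>"
        for spec in "$@"; do
            echo "  <port protocol=\"${spec#*/}\" port=\"${spec%/*}\"/>"
        done
        echo '</service>'
    } > "$dir/$name.xml"
}

# Run with --install as root to write the definitions and enable one of them;
# without it the script only defines write_service.
if [ "${1:-}" = "--install" ]; then
    d=/etc/firewalld/services
    write_service "$d" imap "IMAP" "Internet Message Access Protocol" 143/tcp
    write_service "$d" pop3 "POP3" "Post Office Protocol version 3" 110/tcp
    write_service "$d" snmp "SNMP" "Simple Network Management Protocol" 161/udp
    firewall-cmd --reload                        # pick up the new definitions
    firewall-cmd --permanent --add-service=imap  # same form as the http example
    firewall-cmd --reload                        # apply the permanent change
fi
```

After the first reload, the new names should appear in the output of firewall-cmd --get-services alongside the packaged ones.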