[Samba] Samba AD firewalld services

L.P.H. van Belle belle at bazuin.nl
Thu Aug 27 13:12:45 UTC 2015


yes, i have a good google track record..  ;-) 

on that site, read good.. 
... 
With the Firewalld package, the firewall configuration of the main services 
(ftp, httpd, etc) comes in the /usr/lib/firewalld/services directory. 

>> But it is still possible to add new ones in the /etc/firewalld/services directory. 
>> Also, if files exist at both locations for the same service, the file in the 
>> /etc/firewalld/services directory takes precedence. 

So do DONT touch the content /usr/lib/firewalld/services 
copy it ( or some) and add it in /etc/firewalld/services  make your changes there.. 

If you touch content in /usr/lib/firewalld/services you may loose it with an update. 


greetz, 

Louis



>-----Oorspronkelijk bericht-----
>Van: Robert Moskowitz [mailto:rgm at htt-consult.com] 
>Verzonden: donderdag 27 augustus 2015 15:06
>Aan: L.P.H. van Belle; samba at lists.samba.org
>Onderwerp: Re: [Samba] Samba AD firewalld services
>
>
>
>On 08/27/2015 08:50 AM, L.P.H. van Belle wrote:
>> After reading this thread.. and ..seeing the comments..
>>
>> I googled a bit around. and yes.. more then 5 sec..  ;-)
>>
>> I wonder why almost every "centos/redhat/rpm based" howto 
>removes firewalld with the base iptables service
>> now, i'm not "pro" systemd or con systemd, i use it but i 
>set my firewall with ufw,
>> which is much more flexable in my opinion.
>> I just dont care about how it starts.. as long as it works..
>>
>> so i found this one..
>> http://www.certdepot.net/rhel7-get-started-firewalld/
>> looks very nice, it explains all.
>
>Your search foo is greater than mine.  But I have a long track 
>record of 
>a very low foo rating on my searches.
>
>Yes.  All pointed out there.  I see what I need in 
>/usr/lib/firewalld/services
>
>> base on that, howto create a "samba4-ad" service with 
>multiple ports in it.
>> or better, split it up in to..
>> samba4-kerberos
>> samba4-smbd
>> samba4-nmbd
>> etc..
>>
>> The only thing i cant see there in the "HAProxy example" is you can
>> add multiple "port / protools" in there.
>> thats up to you.
>>
>> but i think you wil manage that.
>>
>> .. side note..
>> Firewalling is not really a samba topic.. but we are all 
>(yes Rowland to) happy to help you..
>> ;-)  Rowland is just not a "fan" of systemd..  ROFL...
>
>Yet needed to be covered in the Wiki.  Just like DNS is.
>
>Once upon a time I did a lot of my own firewalling.  Worked a lot with 
>Shorewall on a Centos 3? server.  Going to have to dust off some old 
>skills here.
>
>> Greetz,
>>
>> Louis
>
>thanks
>
>
>




More information about the samba mailing list