#2110 [RFE] ipa-server-install should offer to open necessary firewall ports for you
Opened 7 years ago by rcritten. Modified 2 years ago


Instead of telling the user to make sure ports are open, ipa-server-install should
offer to open them for you.

The following network ports must be open:

                TCP Ports:
                  * 80, 443: HTTP/HTTPS
                  * 389, 636: LDAP/LDAPS
                  * 88, 464: kerberos
                  * 53: bind
                UDP Ports:
                  * 88, 464: kerberos
                  * 53: bind
                  * 123: ntp

Would you like to modify the existing firewall configuration? [Y/n]

I'd like to point out that Fedora systems now have a very handy way of accomplishing this: http://fedoraproject.org/wiki/FirewallD/

I talked to the maintainer at some point in the past when the project wasn't ready yet. I knew it was coming. I am not sure it will be a priority until a bit later.

I've been testing on F18 and to my surprise iptables is gone. I figured out that it's been replaced with firewalld and now sports a handy way to adjust the current firewall settings without restarting the daemon and to permanently set the new settings. This is alluded to in the above comments. Given how nicely this integrates I thought ipa-server-install should be performing this as part of the setup. I see I'm not the first person to have this idea :-)

Now that firewalld is shipping in F18 and due to land in RHEL7 maybe we should reconsider this RFE again.

For the record: I closed the duplicate ticket #1826.

Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: Ticket Backlog

2 years ago
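
The firewalld handling discussed in the comments above, as an added sketch that is not part of the ticket or of FreeIPA's installer: it turns the port list from the proposed prompt into `firewall-cmd` calls, one for the runtime configuration (no daemon restart) and one with `--permanent` so the rule survives a reload. The function names and the `proto:port` list format are assumptions made for this example.

```shell
#!/bin/sh
# Ports from the prompt text in this ticket, as "proto:port" pairs
# (list format constructed for this example).
IPA_PORTS="tcp:80 tcp:443 tcp:389 tcp:636 tcp:88 tcp:464 tcp:53 udp:88 udp:464 udp:53 udp:123"

# Print the firewall-cmd calls for every port, without running them.
# $1 is an optional zone; without it firewalld applies its default zone.
ipa_firewall_cmds() {
    zone_opt=""
    [ -n "${1:-}" ] && zone_opt=" --zone=$1"
    for entry in $IPA_PORTS; do
        proto="${entry%%:*}"
        port="${entry##*:}"
        # Refuse anything that is not <tcp|udp>:<digits> so a malformed
        # list never reaches the firewall.
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol: $entry" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*) echo "bad port: $entry" >&2; return 1 ;;
        esac
        # Runtime rule: takes effect immediately.
        echo "firewall-cmd$zone_opt --add-port=$port/$proto"
        # Permanent rule: stored in the saved configuration.
        echo "firewall-cmd --permanent$zone_opt --add-port=$port/$proto"
    done
}

# Ask first, as the ticket proposes; an empty answer counts as yes.
# Must run as root on a host with firewalld active.
ipa_open_ports() {
    printf 'Would you like to modify the existing firewall configuration? [Y/n] '
    read -r answer
    case "$answer" in
        ''|[Yy]*)
            cmds="$(ipa_firewall_cmds "${1:-}")" || return 1
            printf '%s\n' "$cmds" | sh -e
            ;;
        *)
            echo "Firewall left unchanged."
            ;;
    esac
}
```

Calling `ipa_firewall_cmds` on its own gives a dry run of the rules to review before `ipa_open_ports` applies them.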
