|
 |
4d3a0d |
From aaba32dd922c84662521754952e5a50198dd8625 Mon Sep 17 00:00:00 2001
|
|
|
7d5a1d |
From: Eric Garver <e@erig.me>
|
|
|
7d5a1d |
Date: Mon, 9 Jul 2018 11:29:33 -0400
|
|
|
7d5a1d |
Subject: [PATCH] Add cockpit by default to some zones
|
|
|
7d5a1d |
|
|
|
7d5a1d |
Fixes: #1581578
|
|
|
7d5a1d |
---
|
|
|
7d5a1d |
config/zones/home.xml | 1 +
|
|
|
7d5a1d |
config/zones/internal.xml | 1 +
|
|
|
7d5a1d |
config/zones/public.xml | 1 +
|
|
|
7d5a1d |
config/zones/work.xml | 1 +
|
|
|
4d3a0d |
src/tests/features/helpers_custom.at | 9 +++++++++
|
|
|
7d5a1d |
src/tests/features/service_include.at | 2 +-
|
|
|
7d5a1d |
src/tests/firewall-cmd.at | 14 +++++++++++++-
|
|
|
7d5a1d |
src/tests/regression/gh366.at | 3 +++
|
|
|
7d5a1d |
src/tests/regression/gh453.at | 2 ++
|
|
|
7d5a1d |
src/tests/regression/rhbz1514043.at | 2 +-
|
|
|
4d3a0d |
10 files changed, 33 insertions(+), 3 deletions(-)
|
|
|
7d5a1d |
|
|
|
7d5a1d |
diff --git a/config/zones/home.xml b/config/zones/home.xml
|
|
|
7d5a1d |
index 42b29b2f2d50..8aa8afa0e8aa 100644
|
|
|
7d5a1d |
--- a/config/zones/home.xml
|
|
|
7d5a1d |
+++ b/config/zones/home.xml
|
|
|
7d5a1d |
@@ -6,4 +6,5 @@
|
|
|
7d5a1d |
<service name="mdns"/>
|
|
|
7d5a1d |
<service name="samba-client"/>
|
|
|
7d5a1d |
<service name="dhcpv6-client"/>
|
|
|
7d5a1d |
+ <service name="cockpit"/>
|
|
|
7d5a1d |
</zone>
|
|
|
7d5a1d |
diff --git a/config/zones/internal.xml b/config/zones/internal.xml
|
|
|
7d5a1d |
index e646b48c94e8..40cb7e14424b 100644
|
|
|
7d5a1d |
--- a/config/zones/internal.xml
|
|
|
7d5a1d |
+++ b/config/zones/internal.xml
|
|
|
7d5a1d |
@@ -6,4 +6,5 @@
|
|
|
7d5a1d |
<service name="mdns"/>
|
|
|
7d5a1d |
<service name="samba-client"/>
|
|
|
7d5a1d |
<service name="dhcpv6-client"/>
|
|
|
7d5a1d |
+ <service name="cockpit"/>
|
|
|
7d5a1d |
</zone>
|
|
|
7d5a1d |
diff --git a/config/zones/public.xml b/config/zones/public.xml
|
|
|
7d5a1d |
index 49795d8c9068..617e131a4895 100644
|
|
|
7d5a1d |
--- a/config/zones/public.xml
|
|
|
7d5a1d |
+++ b/config/zones/public.xml
|
|
|
7d5a1d |
@@ -4,4 +4,5 @@
|
|
|
7d5a1d |
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
|
|
|
7d5a1d |
<service name="ssh"/>
|
|
|
7d5a1d |
<service name="dhcpv6-client"/>
|
|
|
7d5a1d |
+ <service name="cockpit"/>
|
|
|
7d5a1d |
</zone>
|
|
|
7d5a1d |
diff --git a/config/zones/work.xml b/config/zones/work.xml
|
|
|
7d5a1d |
index 6ea5550a40bd..9609ee6f65c2 100644
|
|
|
7d5a1d |
--- a/config/zones/work.xml
|
|
|
7d5a1d |
+++ b/config/zones/work.xml
|
|
|
7d5a1d |
@@ -4,4 +4,5 @@
|
|
|
7d5a1d |
<description>For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
|
|
|
7d5a1d |
<service name="ssh"/>
|
|
|
7d5a1d |
<service name="dhcpv6-client"/>
|
|
|
7d5a1d |
+ <service name="cockpit"/>
|
|
|
7d5a1d |
</zone>
|
|
|
4d3a0d |
diff --git a/src/tests/features/helpers_custom.at b/src/tests/features/helpers_custom.at
|
|
|
4d3a0d |
index c65f067a06ec..263185c88724 100644
|
|
|
4d3a0d |
--- a/src/tests/features/helpers_custom.at
|
|
|
4d3a0d |
+++ b/src/tests/features/helpers_custom.at
|
|
|
4d3a0d |
@@ -17,6 +17,7 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
|
|
|
4d3a0d |
chain filter_IN_public_allow {
|
|
|
4d3a0d |
tcp dport 22 ct state new,untracked accept
|
|
|
4d3a0d |
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
|
|
4d3a0d |
+ tcp dport 9090 ct state new,untracked accept
|
|
|
4d3a0d |
tcp dport 2121 ct helper set "helper-ftptest-tcp"
|
|
|
4d3a0d |
tcp dport 2121 ct state new,untracked accept
|
|
|
4d3a0d |
}
|
|
|
4d3a0d |
@@ -27,6 +28,7 @@ IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
|
|
4d3a0d |
])
|
|
|
4d3a0d |
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
|
|
4d3a0d |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
])
|
|
|
4d3a0d |
IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
|
|
4d3a0d |
@@ -35,6 +37,7 @@ IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
|
|
4d3a0d |
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
|
|
4d3a0d |
ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
])
|
|
|
4d3a0d |
|
|
|
4d3a0d |
@@ -51,6 +54,7 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
|
|
|
4d3a0d |
chain filter_IN_public_allow {
|
|
|
4d3a0d |
tcp dport 22 ct state new,untracked accept
|
|
|
4d3a0d |
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
|
|
4d3a0d |
+ tcp dport 9090 ct state new,untracked accept
|
|
|
4d3a0d |
tcp dport 2121 ct helper set "helper-ftptest-tcp"
|
|
|
4d3a0d |
tcp dport 2121 ct state new,untracked accept
|
|
|
4d3a0d |
}
|
|
|
4d3a0d |
@@ -61,6 +65,7 @@ IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
|
|
4d3a0d |
])
|
|
|
4d3a0d |
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
|
|
4d3a0d |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
])
|
|
|
4d3a0d |
IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
|
|
4d3a0d |
@@ -69,6 +74,7 @@ IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
|
|
4d3a0d |
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
|
|
4d3a0d |
ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
])
|
|
|
4d3a0d |
|
|
|
4d3a0d |
@@ -86,6 +92,7 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
|
|
|
4d3a0d |
chain filter_IN_public_allow {
|
|
|
4d3a0d |
tcp dport 22 ct state new,untracked accept
|
|
|
4d3a0d |
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
|
|
4d3a0d |
+ tcp dport 9090 ct state new,untracked accept
|
|
|
4d3a0d |
tcp dport 21 ct helper set "helper-ftp-tcp"
|
|
|
4d3a0d |
tcp dport 2121 ct helper set "helper-ftptest-tcp"
|
|
|
4d3a0d |
tcp dport 2121 ct state new,untracked accept
|
|
|
4d3a0d |
@@ -99,6 +106,7 @@ IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
|
|
4d3a0d |
])
|
|
|
4d3a0d |
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
|
|
4d3a0d |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
])
|
|
|
4d3a0d |
@@ -109,6 +117,7 @@ IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl
|
|
|
4d3a0d |
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
|
|
4d3a0d |
ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
ACCEPT tcp ::/0 ::/0 tcp dpt:21 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
])
|
|
|
7d5a1d |
diff --git a/src/tests/features/service_include.at b/src/tests/features/service_include.at
|
|
|
4d3a0d |
index 219d5b42767b..0bf59f63b81b 100644
|
|
|
7d5a1d |
--- a/src/tests/features/service_include.at
|
|
|
7d5a1d |
+++ b/src/tests/features/service_include.at
|
|
|
4d3a0d |
@@ -117,7 +117,7 @@ FWD_CHECK([--zone=drop --list-services], 0, [dnl
|
|
|
7d5a1d |
|
|
|
7d5a1d |
])
|
|
|
7d5a1d |
FWD_CHECK([--zone=public --list-services], 0, [dnl
|
|
|
7d5a1d |
-dhcpv6-client ssh
|
|
|
7d5a1d |
+cockpit dhcpv6-client ssh
|
|
|
7d5a1d |
])
|
|
|
7d5a1d |
FWD_CHECK([-q --permanent --service=my-service-with-include --remove-include=does-not-exist])
|
|
|
7d5a1d |
FWD_RELOAD
|
|
|
7d5a1d |
diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at
|
|
|
4d3a0d |
index 0e0d3938da0a..540bdb8b1065 100644
|
|
|
7d5a1d |
--- a/src/tests/firewall-cmd.at
|
|
|
7d5a1d |
+++ b/src/tests/firewall-cmd.at
|
|
|
4d3a0d |
@@ -1144,6 +1144,7 @@ FWD_START_TEST([rich rules priority])
|
|
|
7d5a1d |
chain filter_IN_public_allow {
|
|
|
7d5a1d |
tcp dport 22 ct state new,untracked accept
|
|
|
7d5a1d |
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
|
|
7d5a1d |
+ tcp dport 9090 ct state new,untracked accept
|
|
|
7d5a1d |
tcp dport 1122 ct state new,untracked accept
|
|
|
7d5a1d |
tcp dport 3333 ct state new,untracked accept
|
|
|
7d5a1d |
tcp dport 4444 ct state new,untracked accept
|
|
|
4d3a0d |
@@ -1159,6 +1160,7 @@ FWD_START_TEST([rich rules priority])
|
|
|
7d5a1d |
])
|
|
|
7d5a1d |
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
|
|
7d5a1d |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1122 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3333 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4444 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
@@ -1173,6 +1175,7 @@ FWD_START_TEST([rich rules priority])
|
|
|
7d5a1d |
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
|
|
7d5a1d |
ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
ACCEPT tcp ::/0 ::/0 tcp dpt:1122 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
ACCEPT tcp ::/0 ::/0 tcp dpt:3333 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
ACCEPT tcp ::/0 ::/0 tcp dpt:4444 ctstate NEW,UNTRACKED
|
|
|
4d3a0d |
@@ -1254,6 +1257,7 @@ FWD_START_TEST([rich rules priority])
|
|
|
7d5a1d |
chain filter_IN_public_allow {
|
|
|
7d5a1d |
tcp dport 22 ct state new,untracked accept
|
|
|
7d5a1d |
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
|
|
7d5a1d |
+ tcp dport 9090 ct state new,untracked accept
|
|
|
7d5a1d |
}
|
|
|
7d5a1d |
}
|
|
|
7d5a1d |
])
|
|
|
4d3a0d |
@@ -1357,6 +1361,7 @@ FWD_START_TEST([rich rules priority])
|
|
|
7d5a1d |
])
|
|
|
7d5a1d |
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
|
|
7d5a1d |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
])
|
|
|
7d5a1d |
IPTABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl
|
|
|
7d5a1d |
])
|
|
|
4d3a0d |
@@ -1391,6 +1396,7 @@ FWD_START_TEST([rich rules priority])
|
|
|
7d5a1d |
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
|
|
7d5a1d |
ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
])
|
|
|
7d5a1d |
IP6TABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl
|
|
|
7d5a1d |
])
|
|
|
4d3a0d |
@@ -1438,6 +1444,7 @@ FWD_START_TEST([rich rules priority])
|
|
|
7d5a1d |
chain filter_IN_public_allow {
|
|
|
7d5a1d |
tcp dport 22 ct state new,untracked accept
|
|
|
7d5a1d |
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
|
|
7d5a1d |
+ tcp dport 9090 ct state new,untracked accept
|
|
|
7d5a1d |
icmp type echo-request accept
|
|
|
7d5a1d |
icmpv6 type echo-request accept
|
|
|
7d5a1d |
}
|
|
|
4d3a0d |
@@ -1478,6 +1485,7 @@ FWD_START_TEST([rich rules priority])
|
|
|
7d5a1d |
])
|
|
|
7d5a1d |
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
|
|
7d5a1d |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
|
|
|
7d5a1d |
])
|
|
|
7d5a1d |
IPTABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl
|
|
|
4d3a0d |
@@ -1500,6 +1508,7 @@ FWD_START_TEST([rich rules priority])
|
|
|
7d5a1d |
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
|
|
7d5a1d |
ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128
|
|
|
7d5a1d |
])
|
|
|
7d5a1d |
IP6TABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl
|
|
|
4d3a0d |
@@ -1556,6 +1565,7 @@ FWD_START_TEST([rich rules priority])
|
|
|
7d5a1d |
chain filter_IN_public_allow {
|
|
|
7d5a1d |
tcp dport 22 ct state new,untracked accept
|
|
|
7d5a1d |
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
|
|
7d5a1d |
+ tcp dport 9090 ct state new,untracked accept
|
|
|
7d5a1d |
}
|
|
|
7d5a1d |
}
|
|
|
7d5a1d |
])
|
|
|
4d3a0d |
@@ -1593,6 +1603,7 @@ FWD_START_TEST([rich rules priority])
|
|
|
7d5a1d |
])
|
|
|
7d5a1d |
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
|
|
7d5a1d |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
+ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
])
|
|
|
7d5a1d |
IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl
|
|
|
7d5a1d |
])
|
|
|
4d3a0d |
@@ -1613,6 +1624,7 @@ FWD_START_TEST([rich rules priority])
|
|
|
7d5a1d |
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
|
|
7d5a1d |
ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
+ ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
])
|
|
|
7d5a1d |
IP6TABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl
|
|
|
7d5a1d |
])
|
|
|
4d3a0d |
@@ -1638,7 +1650,7 @@ FWD_START_TEST([rich rules priority])
|
|
|
7d5a1d |
icmp-block-inversion: no
|
|
|
7d5a1d |
interfaces:
|
|
|
7d5a1d |
sources:
|
|
|
7d5a1d |
- services: dhcpv6-client ssh
|
|
|
7d5a1d |
+ services: cockpit dhcpv6-client ssh
|
|
|
7d5a1d |
ports:
|
|
|
7d5a1d |
protocols:
|
|
|
7d5a1d |
masquerade: no
|
|
|
7d5a1d |
diff --git a/src/tests/regression/gh366.at b/src/tests/regression/gh366.at
|
|
|
7d5a1d |
index 1441a6be53bf..51ff504e6a9d 100644
|
|
|
7d5a1d |
--- a/src/tests/regression/gh366.at
|
|
|
7d5a1d |
+++ b/src/tests/regression/gh366.at
|
|
|
7d5a1d |
@@ -7,6 +7,7 @@ table inet firewalld {
|
|
|
7d5a1d |
chain filter_IN_public_allow {
|
|
|
7d5a1d |
tcp dport 22 ct state new,untracked accept
|
|
|
7d5a1d |
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
|
|
7d5a1d |
+tcp dport 9090 ct state new,untracked accept
|
|
|
7d5a1d |
ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept
|
|
|
7d5a1d |
ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept
|
|
|
7d5a1d |
}
|
|
|
7d5a1d |
@@ -14,11 +15,13 @@ ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept
|
|
|
7d5a1d |
])
|
|
|
7d5a1d |
IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
|
|
7d5a1d |
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
+ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
])
|
|
|
7d5a1d |
IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl
|
|
|
7d5a1d |
ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
+ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED
|
|
|
7d5a1d |
])])
|
|
|
7d5a1d |
|
|
|
7d5a1d |
diff --git a/src/tests/regression/gh453.at b/src/tests/regression/gh453.at
|
|
|
7d5a1d |
index f57a79dcf9a2..6d820fce840a 100644
|
|
|
7d5a1d |
--- a/src/tests/regression/gh453.at
|
|
|
7d5a1d |
+++ b/src/tests/regression/gh453.at
|
|
|
7d5a1d |
@@ -18,6 +18,7 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
|
|
|
7d5a1d |
chain filter_IN_public_allow {
|
|
|
7d5a1d |
tcp dport 22 ct state new,untracked accept
|
|
|
7d5a1d |
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
|
|
7d5a1d |
+ tcp dport 9090 ct state new,untracked accept
|
|
|
7d5a1d |
tcp dport 21 ct helper set "helper-ftp-tcp"
|
|
|
7d5a1d |
tcp dport 21 ct state new,untracked accept
|
|
|
7d5a1d |
}
|
|
|
7d5a1d |
@@ -42,6 +43,7 @@ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
|
|
|
7d5a1d |
chain filter_IN_public_allow {
|
|
|
7d5a1d |
tcp dport 22 ct state new,untracked accept
|
|
|
7d5a1d |
ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
|
|
|
7d5a1d |
+ tcp dport 9090 ct state new,untracked accept
|
|
|
7d5a1d |
tcp dport 21 ct helper set "helper-ftp-tcp"
|
|
|
7d5a1d |
tcp dport 21 ct state new,untracked accept
|
|
|
7d5a1d |
tcp dport 5060 ct helper set "helper-sip-tcp"
|
|
|
7d5a1d |
diff --git a/src/tests/regression/rhbz1514043.at b/src/tests/regression/rhbz1514043.at
|
|
|
4d3a0d |
index efc33e09478b..241cf547f7f3 100644
|
|
|
7d5a1d |
--- a/src/tests/regression/rhbz1514043.at
|
|
|
7d5a1d |
+++ b/src/tests/regression/rhbz1514043.at
|
|
|
7d5a1d |
@@ -5,7 +5,7 @@ FWD_CHECK([-q --set-log-denied=all])
|
|
|
7d5a1d |
FWD_CHECK([-q --permanent --zone=public --add-service=samba])
|
|
|
7d5a1d |
FWD_RELOAD
|
|
|
7d5a1d |
FWD_CHECK([--zone=public --list-all | TRIM | grep ^services], 0, [dnl
|
|
|
7d5a1d |
-services: dhcpv6-client samba ssh
|
|
|
7d5a1d |
+services: cockpit dhcpv6-client samba ssh
|
|
|
7d5a1d |
])
|
|
|
4d3a0d |
|
|
|
7d5a1d |
dnl check that log denied actually took effect
|
|
|
7d5a1d |
--
|
|
|
4d3a0d |
2.23.0
|
|
|
7d5a1d |
|