(Created page with "= Description = This is the test case to check if firewalld and the network service are working together. = How to test = === 1. Prerequisite === * Wired network connection. ...") |
No edit summary |
||
| Line 2: | Line 2: | ||
This is the test case to check if firewalld and the network service are working together. | This is the test case to check if firewalld and the network service are working together. | ||
Firewalld needs NetworkManager, which tells firewalld what network interface belongs to which zone. | |||
Firewalld is however able to run without NetworkManager (with legacy ''network'' service), | |||
but there's one issue. The legacy ''network'' service is just a set of scripts and not a running service | |||
so it's not able to notice firewalld's restart and | |||
react to it (by telling firewalld which interface belongs to which zone) as NetworkManager does. | |||
The consequence of restarting (or starting after boot) firewalld when there's no running NetworkManager is | |||
that there are no active zones, i.e. your network interface(s) no longer belong to any zone, | |||
see https://bugzilla.redhat.com/show_bug.cgi?id=821938. Work-around is to manually add them to zone. | |||
= How to test = | = How to test = | ||
=== 1 | === 1. Stop NetworkManager === | ||
systemctl stop NetworkManager.service | systemctl stop NetworkManager.service | ||
Use | Use ''ip'' command to see if the wired interface is still ''UP'': | ||
ip link show em1 | |||
If the wired interface (using | If the wired interface (using ''em1'' as an example here) is ''UP'' and running, please stop it: | ||
ip link set dev em1 down | |||
Do not shut down the lo interface. | Do not shut down the ''lo'' interface. | ||
Restart firewalld to make sure that there are no active zones: | Restart firewalld to make sure that there are no active zones: | ||
| Line 36: | Line 38: | ||
This list should be empty. | This list should be empty. | ||
=== | === 2. Start network service === | ||
systemctl start network.service | systemctl start network.service | ||
The interface should be again ''UP'' now. | |||
If it's not then it's probably something wrong with ''/etc/sysconfig/network-scripts/ifcfg-em1 | |||
firewall-cmd --get-active-zones | firewall-cmd --get-active-zones | ||
| Line 46: | Line 49: | ||
Should list the interface as part of the default or configured zone. | Should list the interface as part of the default or configured zone. | ||
=== | === 3. Change zone of interface === | ||
Similar to [[QA:Testcase_firewalld_and_NetworkManager|Test case 3] | Similar to [[QA:Testcase_firewalld_and_NetworkManager|Test case 3] | ||
| Line 54: | Line 57: | ||
systemctl restart network.service | systemctl restart network.service | ||
=== | === 4. Restore NetworkManager === | ||
systemctl stop network.service | systemctl stop network.service | ||
systemctl start NetworkManager.service | systemctl start NetworkManager.service | ||
Revision as of 11:24, 2 October 2012
Description
This is the test case to check if firewalld and the network service are working together.
Firewalld needs NetworkManager, which tells firewalld what network interface belongs to which zone. Firewalld is however able to run without NetworkManager (with legacy network service), but there's one issue. The legacy network service is just a set of scripts and not a running service so it's not able to notice firewalld's restart and react to it (by telling firewalld which interface belongs to which zone) as NetworkManager does. The consequence of restarting (or starting after boot) firewalld when there's no running NetworkManager is that there are no active zones, i.e. your network interface(s) no longer belong to any zone, see https://bugzilla.redhat.com/show_bug.cgi?id=821938. Work-around is to manually add them to zone.
How to test
1. Stop NetworkManager
systemctl stop NetworkManager.service
Use ip command to see if the wired interface is still UP:
ip link show em1
If the wired interface (using em1 as an example here) is UP and running, please stop it:
ip link set dev em1 down
Do not shut down the lo interface.
Restart firewalld to make sure that there are no active zones:
systemctl restart firewalld.service
Get list of active zones:
firewall-cmd --get-active-zones
This list should be empty.
2. Start network service
systemctl start network.service
The interface should be again UP now. If it's not then it's probably something wrong with /etc/sysconfig/network-scripts/ifcfg-em1
firewall-cmd --get-active-zones
Should list the interface as part of the default or configured zone.
3. Change zone of interface
Similar to [[QA:Testcase_firewalld_and_NetworkManager|Test case 3]
But you have to manually reconnect with
systemctl restart network.service
4. Restore NetworkManager
systemctl stop network.service systemctl start NetworkManager.service