From Fedora Project Wiki

Revision as of 15:46, 6 September 2012 by Jpopelka (talk | contribs)

Description

This is the test case to check if runtime changes of firewall zones are usable.

Settings in the zone done with firewall-cmd (without --permanent switch) are only valid till reboot or firewalld service restart.

How to test

1. Get settings of 'work' zone

 firewall-cmd --zone=work --list-all

2. Enable service 'samba-client' in zone 'work'

 firewall-cmd --zone=work --add-service=samba-client

To check (as root) if it has been enabled: 

 iptables-save | grep work

These two lines should be in the output: 

 -A IN_ZONE_work_allow -p udp -m udp --dport 137 -j ACCEPT
 -A IN_ZONE_work_allow -p udp -m udp --dport 138 -j ACCEPT

And 

 firewall-cmd --zone=work --list-services

should contain samba-client

3. Disable service 'samba-client' in zone 'work'

 firewall-cmd --zone=work --remove-service=samba-client
Retrieved from "https://fedoraproject.org/w/index.php?title=QA:Testcase_use_firewalld_zones&oldid=300757"