On 29.04.2023 15:25, Carlos E. R. wrote:
On 2023-04-29 13:44, Andrei Borzenkov wrote:
On 29.04.2023 14:42, Carlos E. R. wrote:
On 2023-04-29 13:25, Andrei Borzenkov wrote:
On 29.04.2023 12:57, Carlos E. R. wrote:
Damn! It is a service name, not a protocol value. Wrong copy paste. But the syntax check said nothing! Claims success and fails.
Syntax is correct. It also gives a warning when (re-)loaded:
Apr 29 14:18:55 uefi firewalld[1959]: WARNING: INVALID_PROTOCOL: samba: rule family="ipv4" source address="192.168.0.0/16" protocol value="samba" accept
Apr 29 14:18:55 uefi firewalld[1959]: WARNING: INVALID_PROTOCOL: samba: rule family="ipv4" source address="192.168.0.0/16" protocol value="samba" accept
Where is that warning printed? Not in the terminal where I typed the command.
Which command? You never told us.
No? I see it:
# firewall-cmd --check-config && firewall-cmd --reload && date --rfc-3339=ns
I do not post it on every mail, because it is always the same.
firewall-cmd is a frontend to firewalld and just forwards the request to firewalld. The real work is performed by firewalld, and any diagnostics are written to its log file. The first place where one looks for logs of a system service today is the journal. If you also micromanaged your log files and, instead of using the journal, are forwarding logs to a lot of different places, then you should know where they are.

firewalld does not have a provision to return detailed messages back as a response to a D-Bus request. This really is not different from what happens with systemctl: the status from systemctl only tells you whether the request was successfully submitted, not whether the service succeeded in the end.

If you want to check the configuration and see diagnostics, use firewall-offline-cmd:

uefi:/etc/firewalld # firewall-offline-cmd --check-config
WARNING: INVALID_PROTOCOL: samba: rule family="ipv4" source address="192.168.0.0/16" protocol value="samba" accept
WARNING: INVALID_PROTOCOL: samba: rule family="ipv4" source address="192.168.0.0/16" protocol value="samba" accept
uefi:/etc/firewalld #

Granted, it still returns 0 even if there were warnings. If you think it should be improved, you need to submit an issue on the firewalld project.
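
Added example, not part of the thread or of the firewalld project: since firewall-offline-cmd --check-config exits 0 even when it prints warnings, a wrapper can treat any WARNING line as a failure before a reload is attempted. The function names and the CHECK_CMD override are hypothetical, and the script assumes warnings start with "WARNING:" as in the output quoted above.

```shell
#!/bin/sh
# Added example: fail a firewalld config check when warnings are printed,
# even though the checker itself exits 0.

# Read checker output on stdin, print the number of WARNING lines.
# Assumption: warnings begin with "WARNING: " as shown in the thread.
count_warnings() {
    # grep -c prints 0 and exits 1 when nothing matches; mask that status.
    grep -c '^WARNING: ' || true
}

# Run the offline checker and return non-zero on a failing exit status
# or on any warning line. CHECK_CMD (hypothetical) overrides the command,
# which lets the logic be exercised without firewalld installed.
strict_check_config() {
    out=$(${CHECK_CMD:-firewall-offline-cmd --check-config} 2>&1) && rc=0 || rc=$?
    printf '%s\n' "$out"
    if [ "$rc" -ne 0 ]; then
        echo "check-config failed with exit status $rc" >&2
        return "$rc"
    fi
    n=$(printf '%s\n' "$out" | count_warnings)
    if [ "$n" -gt 0 ]; then
        echo "check-config exited 0 but printed $n warning(s)" >&2
        return 1
    fi
    return 0
}

# Usage: sh strict-check.sh --run && firewall-cmd --reload
if [ "${1:-}" = "--run" ]; then
    strict_check_config
fi
```

Run as root with --run; the reload after && only happens when the check is clean.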