On 2023-04-26 13:31, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-04-26 12:44, Per Jessen wrote:
Andrei Borzenkov wrote:
(Can I write comments in xml file /etc/firewalld/zones/external.xml?)
Yes, use "<!-- comment -->". Can span multiple lines.
These files are modified by GUI and CLI so I am not sure these comments will be preserved.
That is a good point. The XML file is presumbly not intended as a user interface, so why keep comments. Unless the GUI/CLI permits adding comments, somehow.
I see easier to edit the file by hand to purge the excess of rules, but I need comments to know what is the purpose of this or that.
Yeah I would too, but the whole idea of tools such as firewalld is to make manual editing superfluous. Wrap everything in a nice GUI abstracting from the tedious technical detail.
Yes. But when you have to change 50 rules, the command become cumbersome. So, once I know how the rule is written to the file, for such a job I prefer to edit the file. The first link you posted comments on this, precisely.
SuSEfirewall2 accepted comments.
So does my bash script :-)
If you google it, e.g. "adding comments in firewalld", there are interesting hits.
https://serverfault.com/questions/893112/migrating-from-iptables-to-firewall...
How can we comment each firewalld rules for description? https://access.redhat.com/solutions/6822451
https://www.golinuxcloud.com/firewalld-cheat-sheet/#1_Add_comment_to_firewal...
-- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)