On 2023-04-29 13:25, Andrei Borzenkov wrote:
On 29.04.2023 12:57, Carlos E. R. wrote:
Damn! It is a service name, not a protocol value. Wrong copy paste. But the syntax check said nothing! Claims success and fails.
Syntax is correct. It also gives a warning when (re-)loaded:
Apr 29 14:18:55 uefi firewalld[1959]: WARNING: INVALID_PROTOCOL: samba: rule family="ipv4" source address="192.168.0.0/16" protocol value="samba" accept
Apr 29 14:18:55 uefi firewalld[1959]: WARNING: INVALID_PROTOCOL: samba: rule family="ipv4" source address="192.168.0.0/16" protocol value="samba" accept
Where is that warning printed? Not in the terminal where I typed the command. In the firewall log?

Isengard:/etc/firewalld/zones # grep INVALID_PROTOCOL /var/log/firewall
Isengard:/etc/firewalld/zones #
Isengard:/etc/firewalld/zones # zgrep INVALID_PROTOCOL /var/log/firewall-2023042*xz
Isengard:/etc/firewalld/zones #

Just noticed a different log file:

Isengard:/etc/firewalld/zones # ls -ltr /var/log/firewall*
...
-rw-r----- 1 root root 227636 Apr 27 23:59 /var/log/firewall-20230428.xz
-rw-r----- 1 root root 4683 Apr 29 00:34 /var/log/firewalld
-rw-r----- 1 root root 1977300 Apr 29 13:36 /var/log/firewall

That one has the errors!

2023-04-29 00:11:52 WARNING: INVALID_PROTOCOL: samba: rule family="ipv4" source address="172.26.0.0/16" protocol value="samba" accept
Whether it should abort completely is certainly debatable. And if you use the CLI (or I assume the GUI) you get a clear message:
No, I just expected a message printed in the CLI, not an abort.
efi:/etc/firewalld # firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/16" protocol value="samba" accept'
Error: INVALID_PROTOCOL: samba
uefi:/etc/firewalld #
And lose the formatting and comments on the file. Ok, now I know that firewalld errors go to a different log file.

--
Cheers / Saludos,
Carlos E. R.
(from 15.4 x86_64 at Telcontar)
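
A read-only pre-load check for the mistake discussed in this thread, given as an added example that is not part of the original messages or of firewalld itself: it scans a hand-edited zone file for `<protocol value="...">` entries that are neither a protocol name nor a number in 0-255, so the file's formatting and comments stay untouched. The sample zone, the short protocol list and the function names are constructed for illustration; the check approximates the idea behind INVALID_PROTOCOL and is not firewalld's own validation code.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a zone file with the mistake from this thread
# (a service name in <protocol value=...>) next to two valid rules.
SAMPLE_ZONE = """<zone>
  <rule family="ipv4">
    <source address="192.168.0.0/16"/>
    <protocol value="samba"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="192.168.0.0/16"/>
    <service name="samba"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <protocol value="47"/>
    <accept/>
  </rule>
</zone>
"""

# Constructed subset of /etc/protocols names so the example runs offline.
SAMPLE_PROTOCOLS = {"icmp", "igmp", "tcp", "udp", "gre", "esp", "ah", "sctp"}

def load_protocols(path="/etc/protocols"):
    """Read protocol names and aliases from an /etc/protocols style file."""
    names = set()
    with open(path) as fh:
        for line in fh:
            fields = line.split("#", 1)[0].split()
            if fields:
                names.add(fields[0].lower())
                names.update(a.lower() for a in fields[2:])
    return names

def invalid_protocols(zone_xml, known=SAMPLE_PROTOCOLS):
    """Return protocol values that are neither a known name nor 0-255."""
    bad = []
    for elem in ET.fromstring(zone_xml).iter("protocol"):
        value = elem.get("value", "")
        numeric = value.isdigit() and int(value) <= 255
        if not numeric and value.lower() not in known:
            bad.append(value)
    return bad

if __name__ == "__main__":
    for value in invalid_protocols(SAMPLE_ZONE):
        print("INVALID_PROTOCOL candidate:", value)
```

On a real system, pass `known=load_protocols()` and the text of the zone file under /etc/firewalld/zones instead of the constructed sample.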