$ ls /usr/lib/firewalld/services
afp.xml elasticsearch.xml jenkins.xml mongodb.xml ptp.xml steam-streaming.xml
amanda-client.xml etcd-client.xml kadmin.xml mosh.xml pulseaudio.xml svdrp.xml
amanda-k5-client.xml etcd-server.xml kdeconnect.xml mountd.xml puppetmaster.xml svn.xml
amqps.xml finger.xml kerberos.xml mqtt-tls.xml quassel.xml syncthing-gui.xml
amqp.xml foreman-proxy.xml kibana.xml mqtt.xml radius.xml syncthing.xml
apcupsd.xml foreman.xml klogin.xml mssql.xml rdp.xml synergy.xml
audit.xml freeipa-4.xml kpasswd.xml ms-wbt.xml redis-sentinel.xml syslog-tls.xml
ausweisapp2.xml freeipa-ldaps.xml kprop.xml murmur.xml redis.xml syslog.xml
bacula-client.xml freeipa-ldap.xml kshell.xml mysql.xml RH-Satellite-6-capsule.xml telnet.xml
bacula.xml freeipa-replication.xml kube-apiserver.xml nbd.xml RH-Satellite-6.xml tentacle.xml
bb.xml freeipa-trust.xml kube-api.xml netbios-ns.xml rpc-bind.xml tftp.xml
bgp.xml ftp.xml kube-controller-manager-secure.xml netdata-dashboard.xml rquotad.xml tile38.xml
bitcoin-rpc.xml galera.xml kube-controller-manager.xml nfs3.xml rsh.xml tinc.xml
bitcoin-testnet-rpc.xml ganglia-client.xml kube-control-plane-secure.xml nfs.xml rsyncd.xml tor-socks.xml
bitcoin-testnet.xml ganglia-master.xml kube-control-plane.xml nmea-0183.xml rtsp.xml transmission-client.xml
bitcoin.xml git.xml kubelet-readonly.xml nrpe.xml salt-master.xml upnp-client.xml
bittorrent-lsd.xml gpsd.xml kubelet-worker.xml ntp.xml samba-client.xml vdsm.xml
ceph-mon.xml grafana.xml kubelet.xml nut.xml samba-dc.xml vnc-server.xml
ceph.xml gre.xml kube-nodeport-services.xml openvpn.xml samba.xml wbem-https.xml
cfengine.xml high-availability.xml kube-scheduler-secure.xml ovirt-imageio.xml sane.xml wbem-http.xml
checkmk-agent.xml http3.xml kube-scheduler.xml ovirt-storageconsole.xml sips.xml wireguard.xml
cockpit.xml https.xml kube-worker.xml ovirt-vmconsole.xml sip.xml ws-discovery-client.xml
collectd.xml http.xml ldaps.xml plex.xml slp.xml ws-discovery-tcp.xml
condor-collector.xml ident.xml ldap.xml pmcd.xml smtp-submission.xml ws-discovery-udp.xml
cratedb.xml imaps.xml libvirt-tls.xml pmproxy.xml smtps.xml ws-discovery.xml
ctdb.xml imap.xml libvirt.xml pmwebapis.xml smtp.xml wsmans.xml
dhcpv6-client.xml ipfs.xml lightning-network.xml pmwebapi.xml snmptls-trap.xml wsman.xml
dhcpv6.xml ipp-client.xml llmnr-tcp.xml pop3s.xml snmptls.xml xdmcp.xml
dhcp.xml ipp.xml llmnr-udp.xml pop3.xml snmptrap.xml xmpp-bosh.xml
distcc.xml ipsec.xml llmnr.xml postgresql.xml snmp.xml xmpp-client.xml
dns-over-tls.xml ircs.xml managesieve.xml privoxy.xml spideroak-lansync.xml xmpp-local.xml
dns.xml irc.xml matrix.xml prometheus-node-exporter.xml spotify-sync.xml xmpp-server.xml
docker-registry.xml iscsi-target.xml mdns.xml prometheus.xml squid.xml zabbix-agent.xml
docker-swarm.xml isns.xml memcache.xml proxy-dhcp.xml ssdp.xml zabbix-server.xml
dropbox-lansync.xml jellyfin.xml minidlna.xml ps3netsrv.xml ssh.xml zerotier.xml
$cat /usr/lib/firewalld/services/cockpit.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>Cockpit</short>
<description>Cockpit lets you access and configure your server remotely.</description>
<port protocol="tcp" port="9090"/>
</service>
or
[root@iZbp12e1kas91m5swu7ds3Z ~]# cat /etc/firewalld/services/cockpit.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>Cockpit</short>
<description>Cockpit lets you access and configure your server remotely.</description>
<port port="9088" protocol="tcp"/>
<port port="9088" protocol="tcp"/>
</service>
Service files in /etc/firewalld/services take priority over the ones in /usr/lib/firewalld/services.
solved
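Set_Firewall(){
  #######################################
  # Point the firewalld "cockpit" service at $cockpit_port and enable it
  # permanently in the public zone.
  # Globals:   echo_prefix_cockpit (read), cockpit_port (read)
  # Arguments: none
  # Outputs:   progress on stdout, errors on stderr
  # Returns:   0 on success or when firewall-cmd is not installed,
  #            1 on an invalid port or a failed firewalld step
  #######################################
  local override_xml="/etc/firewalld/services/cockpit.xml"
  local packaged_xml="/usr/lib/firewalld/services/cockpit.xml"
  local port="${cockpit_port:-}"
  local started_here=0
  local rc=0

  echo "$echo_prefix_cockpit Set firewall for cockpit access"
  if ! command -v firewall-cmd &> /dev/null; then
    return 0
  fi
  echo "Set firewall for Cockpit..."

  # The port is pasted into a sed program that runs as root and into an XML
  # attribute, so accept nothing but a decimal TCP port number.
  case "$port" in
    ''|*[!0-9]*)
      echo "$echo_prefix_cockpit invalid cockpit_port: '$port'" >&2
      return 1
      ;;
  esac
  if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "$echo_prefix_cockpit cockpit_port out of range: '$port'" >&2
    return 1
  fi

  # firewall-cmd talks to the running daemon, so start it for the duration of
  # the change when it is stopped and put it back afterwards.
  if ! systemctl is-active --quiet firewalld; then
    sudo systemctl start firewalld || {
      echo "$echo_prefix_cockpit cannot start firewalld" >&2
      return 1
    }
    started_here=1
  fi

  # The definition under /etc/firewalld/services overrides the packaged one
  # under /usr/lib/firewalld/services. Create the override from the packaged
  # file when it is missing, so the sed below edits the file firewalld reads.
  # The checks go through sudo because the directory may not be readable by
  # the invoking user.
  if ! sudo test -f "$override_xml"; then
    if sudo test -f "$packaged_xml"; then
      sudo mkdir -p -- "${override_xml%/*}" &&
        sudo cp -- "$packaged_xml" "$override_xml" || rc=1
    else
      echo "$echo_prefix_cockpit no cockpit service definition found" >&2
      rc=1
    fi
  fi

  if [ "$rc" -eq 0 ]; then
    # Rewrites every port="N" attribute in the file, so a definition holding
    # several <port> entries ends up with all of them set to the same value.
    # --add-service in the public zone opens the Cockpit console to every
    # source that zone accepts; limit sources separately if that is too wide.
    sudo sed -i "s/port=\"[0-9]*\"/port=\"${port}\"/g" "$override_xml" &&
      sudo firewall-cmd --permanent --zone=public --add-service=cockpit &&
      sudo firewall-cmd --reload || rc=1
  fi

  if [ "$started_here" -eq 1 ]; then
    sudo systemctl stop firewalld || rc=1
  fi
  if [ "$rc" -ne 0 ]; then
    echo "$echo_prefix_cockpit firewall setup for cockpit failed" >&2
  fi
  return "$rc"
}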
Describe the bug
Cockpit cannot be accessed from the internet, but it can be accessed from localhost. If firewalld is stopped, access from the internet works.