christgau / wsdd

A Web Service Discovery host daemon.
MIT License

feat(usr/lib): Add firewalld configuration files #186

Closed ondrejholy closed 6 months ago

ondrejholy commented 8 months ago

The project already contains UFW configuration files, but firewalld configuration files are missing. Let's add a copy of firewalld configuration files used in Fedora.

christgau commented 7 months ago

I have two comments/suggestions

  1. Would it make sense to merge the two files? TBH, I don't know what conventions for firewalld apply. Or is that not possible since the definition for the multicast traffic (wsdd.xml) would also restrict the HTTP traffic, which would also not make sense from the technical point of view...
  2. Can we move the two files to etc/firewalld/services?

ondrejholy commented 6 months ago

Thanks for your reply:

  1. This is exactly how it is packaged under Fedora. I will try to find an answer, but probably not before January. But it seems likely that you have answered your question already...
  2. The preferred location for distro-managed services is /usr/lib, but if you wish, it should not be a problem putting this under /etc inside the git repository and extracting this to /usr/lib downstream.

hgraeber commented 6 months ago

firewalld already has a service file "ws-discovery-udp.xml" that is identical to your "wsdd.xml", except for the include of "wsdd-http.xml". For my openSUSE package I added a service file "wsdd.xml" which is equivalent to the latter and includes "ws-discovery-udp.xml". For older distributions I added a copy of firewalld's "ws-discovery-udp.xml", too.

christgau commented 6 months ago

> firewalld already has a service file "ws-discovery-udp.xml" that is identical to your "wsdd.xml", except for the include of "wsdd-http.xml".

By firewalld, you mean upstream here?

> For my openSUSE package I added a service file "wsdd.xml" which is equivalent to the latter and includes "ws-discovery-udp.xml".

Sounds reasonable.

> For older distributions I added a copy of firewalld's "ws-discovery-udp.xml", too.

So your proposal would be to rely on the existence of ws-discovery-udp.xml and rewrite the service file for wsdd accordingly?! @ondrejholy would that also work from your perspective?

ondrejholy commented 6 months ago

I didn't know that it is part of firewalld. It will surely work if firewalld already contains some of those. Hmm, shouldn't the missing part be proposed to firewalld upstream after all?

hgraeber commented 6 months ago

> > firewalld already has a service file "ws-discovery-udp.xml" that is identical to your "wsdd.xml", except for the include of "wsdd-http.xml".
>
> By firewalld, you mean upstream here?

Yes, the "ws-discovery-udp.xml" service file is part of firewalld since version 1.1.0.

> > For my openSUSE package I added a service file "wsdd.xml" which is equivalent to the latter and includes "ws-discovery-udp.xml".
>
> Sounds reasonable.

> > For older distributions I added a copy of firewalld's "ws-discovery-udp.xml", too.
>
> So your proposal would be to rely on the existence of ws-discovery-udp.xml and rewrite the service file for wsdd accordingly?! @ondrejholy would that also work from your perspective?

I think the firewalld service file(s) for wsdd shall use the files from firewalld as far as already available there. For the remaining ports one can provide them as part of wsdd and in parallel shall give them upstream.

Here is the "wsdd.xml" from my openSUSE package:

```xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>wsdd</short>
  <description>Web Service Discovery</description>
  <port protocol="tcp" port="5357"/>
  <include service="ws-discovery-udp"/>
</service>
```

Maybe for upstream one shall not use "wsdd" as part of the files to be friendly to other wsd implementations.
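
Added example, not part of the thread or of the wsdd or firewalld projects: a packaging-time check that resolves the `<include>` in the "wsdd.xml" above and reports which ports end up open and which included services are absent, as on a firewalld older than 1.1.0. The `effective_ports` helper and the `ws-discovery-udp` stand-in (UDP 3702 to the WS-Discovery multicast groups) are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: service name -> XML text, as the files would sit in
# /usr/lib/firewalld/services. "wsdd" is the file quoted in the thread;
# "ws-discovery-udp" is an assumed stand-in for the file shipped by firewalld.
SERVICES = {
    "wsdd": """<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>wsdd</short>
  <description>Web Service Discovery</description>
  <port protocol="tcp" port="5357"/>
  <include service="ws-discovery-udp"/>
</service>""",
    "ws-discovery-udp": """<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>WS-Discovery (UDP)</short>
  <port protocol="udp" port="3702"/>
  <destination ipv4="239.255.255.250" ipv6="ff02::c"/>
</service>""",
}


def effective_ports(name, services, _seen=None):
    """Return (ports, missing): ports opened by `name` with its includes
    resolved, and the names of included services that are not available."""
    seen = _seen if _seen is not None else set()
    if name in seen:  # guard against include cycles
        return set(), set()
    seen.add(name)
    if name not in services:
        return set(), {name}
    root = ET.fromstring(services[name].encode())
    ports = {(p.get("port"), p.get("protocol")) for p in root.findall("port")}
    missing = set()
    for inc in root.findall("include"):
        inc_ports, inc_missing = effective_ports(inc.get("service"), services, seen)
        ports |= inc_ports
        missing |= inc_missing
    return ports, missing


if __name__ == "__main__":
    print("with ws-discovery-udp:", effective_ports("wsdd", SERVICES))
    # Older distribution: the included service file is not installed.
    older = {"wsdd": SERVICES["wsdd"]}
    print("without ws-discovery-udp:", effective_ports("wsdd", older))
```

A non-empty `missing` set is the case where a package would need to ship its own copy of "ws-discovery-udp.xml", as described for older distributions.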