Closed ondrejholy closed 6 months ago
I have two comments/suggestions
etc/firewalld/services
?Thanks for your reply:
/usr/lib
, but if you wish, I should not be a problem putting this under /etc
inside git repository and extracting this to /usr/lib
downstream. firewalld already has a service file "ws-discovery-udp.xml" that is identical to your "wsdd.xml", except for the include of "wsdd-http.xml". For my opensuse package I added a service file "wsdd.xml" which is equivalent to the latter and includes "ws-discovery-udp.xml". For older distributions I added a copy of firewallds "ws-discovery-udp.xml", too.
firewalld already has a service file "ws-discovery-udp.xml" that is identical to your "wsdd.xml", except for the include of "wsdd-http.xml".
By firewalld, you mean upstream here?
For my opensuse package I added a service file "wsdd.xml" which is equivalent to the latter and includes "ws-discovery-udp.xml".
Sounds reasonable.
For older distributions I added a copy of firewallds "ws-discovery-udp.xml", too.
So you proposal would be to rely on the existence of ws-discovery-udp.xml and rewrite the service file for wsdd accordingly?! @ondrejholy would that also work from your perspective?
I haven't known that it is part of firewalld. It will surely work if firewalld already contains some of those. Hmm, shouldn't the missing part be proposed to firewalld upstream after all?
firewalld already has a service file "ws-discovery-udp.xml" that is identical to your "wsdd.xml", except for the include of "wsdd-http.xml".
By firewalld, you mean upstream here?
Yes, the "ws-discovery-udp.xml" service file is part of firewalld since version 1.1.0.
For my opensuse package I added a service file "wsdd.xml" which is equivalent to the latter and includes "ws-discovery-udp.xml".
Sounds reasonable.
For older distributions I added a copy of firewallds "ws-discovery-udp.xml", too.
So you proposal would be to rely on the existence of ws-discovery-udp.xml and rewrite the service file for wsdd accordingly?! @ondrejholy would that also work from your perspective?
I think the firewalld service file(s) for wsdd shall use the files from firewalld so far as already available there. For the remaining ports one can profiled them as part of wsdd and in parallel shall give them upstream.
Here is the "wsdd.xml" form may opensuse package:
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>wsdd</short>
<description>Web Service Discovery</description>
<port protocol="tcp" port="5357"/>
<include service="ws-discovery-udp"/>
</service>
Maybe for upstream one shall not use "wsdd" as part of the files to be friendly to other wsd implementations.
The project already contains UFW configuration files, but firewalld configuration files are missing. Let's add a copy of firewalld configuration files used in Fedora.