Hi,
I have the following content in an XML file under /etc/firewalld/services/EPICSChannelAccess.xml
<?xml version="1.0" encoding="utf-8"?> <service> <short>EPICS Channel Access service</short> <port port="ca-1" protocol="tcp"/> <port port="ca-1" protocol="udp"/> <port port="ca-2" protocol="tcp"/> <port port="ca-2" protocol="udp"/> <source-port port="ca-1" protocol="tcp"/> <source-port port="ca-1" protocol="udp"/> <source-port port="ca-2" protocol="tcp"/> <source-port port="ca-2" protocol="udp"/> </service>
But this requres a link o be set on my system from /usr/etc/services to /etc/services. Somehow firewalld under OpenSuSE Tumbleweed does not yet honor the new path to this file. But if you replace the symbolic port names to the corresponding numbers it also works.
Regards,
Jörn
Am Montag, 24. Februar 2020, 14:09:57 CET schrieb Goetz Pfeiffer via Tech-talk:
> On 4/3/19 11:51 AM, Dirk Zimoch via Tech-talk wrote:
> > Hi
> >
> > Does anyone already have a firewalld configuration to allow Channel
> > Access? I.e. something like a /usr/lib/firewalld/services/epics.xml file?
> >
> > Dirk
>
> Hello Dirk,
>
> I just struggled with firewalld in order to make EPICS clients and servers
> work and I found this solution for the command line:
>
> Settings for EPICS clients:
>
> firewall-cmd --add-rich-rule="rule source-port port=5064 protocol=tcp
> accept" firewall-cmd --add-rich-rule="rule source-port port=5064
> protocol=udp accept" firewall-cmd --add-rich-rule="rule source-port
> port=5065 protocol=tcp accept" firewall-cmd --add-rich-rule="rule
> source-port port=5065 protocol=udp accept"
>
> Additional settings for EPICS servers:
>
> firewall-cmd --add-rich-rule="rule port port=5064 protocol=tcp accept"
> firewall-cmd --add-rich-rule="rule port port=5064 protocol=udp accept"
> firewall-cmd --add-rich-rule="rule port port=5065 protocol=tcp accept"
> firewall-cmd --add-rich-rule="rule port port=5065 protocol=udp accept"
>
> Make changes permanent:
>
> firewall-cmd --runtime-to-permanent
>
> Greetings
>
> Goetz
|