EPICS Home

Experimental Physics and Industrial Control System


 
1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  <20202021  2022  2023  2024  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  <20202021  2022  2023  2024 
<== Date ==> <== Thread ==>
Subject: Re: firewalld configuration for EPICS?
From: Jörn Dreyer via Tech-talk <tech-talk at aps.anl.gov>
To: Dirk Zimoch <dirk.zimoch at psi.ch>, EPICS <tech-talk at aps.anl.gov>
Date: Mon, 24 Feb 2020 14:27:18 +0100

Hi,

 

I have the following content in an XML file under /etc/firewalld/services/EPICSChannelAccess.xml

 

<?xml version="1.0" encoding="utf-8"?>
<service>
 <short>EPICS Channel Access service</short>
 <port port="ca-1" protocol="tcp"/>
 <port port="ca-1" protocol="udp"/>
 <port port="ca-2" protocol="tcp"/>
 <port port="ca-2" protocol="udp"/>
 <source-port port="ca-1" protocol="tcp"/>
 <source-port port="ca-1" protocol="udp"/>
 <source-port port="ca-2" protocol="tcp"/>
 <source-port port="ca-2" protocol="udp"/>
</service>

But this requres a link o be set on my system from /usr/etc/services
to /etc/services. Somehow firewalld under OpenSuSE Tumbleweed does not yet honor the new path to this file. But if you replace the symbolic port names to the corresponding numbers it also works.

 

Regards,

 

Jörn

 

Am Montag, 24. Februar 2020, 14:09:57 CET schrieb Goetz Pfeiffer via Tech-talk:

> On 4/3/19 11:51 AM, Dirk Zimoch via Tech-talk wrote:

> > Hi

> >

> > Does anyone already have a firewalld configuration to allow Channel

> > Access? I.e. something like a /usr/lib/firewalld/services/epics.xml file?

> >

> > Dirk

>

> Hello Dirk,

>

> I just struggled with firewalld in order to make EPICS clients and servers

> work and I found this solution for the command line:

>

> Settings for EPICS clients:

>

>   firewall-cmd --add-rich-rule="rule source-port port=5064 protocol=tcp

> accept" firewall-cmd --add-rich-rule="rule source-port port=5064

> protocol=udp accept" firewall-cmd --add-rich-rule="rule source-port

> port=5065 protocol=tcp accept" firewall-cmd --add-rich-rule="rule

> source-port port=5065 protocol=udp accept"

>

> Additional settings for EPICS servers:

>

>   firewall-cmd --add-rich-rule="rule port port=5064 protocol=tcp accept"

>   firewall-cmd --add-rich-rule="rule port port=5064 protocol=udp accept"

>   firewall-cmd --add-rich-rule="rule port port=5065 protocol=tcp accept"

>   firewall-cmd --add-rich-rule="rule port port=5065 protocol=udp accept"

>

> Make changes permanent:

>

>   firewall-cmd --runtime-to-permanent

>

> Greetings

>

>   Goetz

 

Replies:
Re: firewalld configuration for EPICS? Gabriel Fedel via Tech-talk
References:
Re: firewalld configuration for EPICS? Goetz Pfeiffer via Tech-talk
Navigate by Date:
Prev: Re: firewalld configuration for EPICS? Goetz Pfeiffer via Tech-talk
Next: Re: Areadetector error in version R3-8 Mark Rivers via Tech-talk
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  <20202021  2022  2023  2024 
Navigate by Thread:
Prev: Re: firewalld configuration for EPICS? Goetz Pfeiffer via Tech-talk
Next: Re: firewalld configuration for EPICS? Gabriel Fedel via Tech-talk
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  <20202021  2022  2023  2024