From Fedora Project Wiki

(Created page with "= Description = This is the test case to check if firewalld and the network service are working together. = How to test = === 1. Prerequisite === * Wired network connection. ...")
 
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Description =
= Description =


This is the test case to check if firewalld and the network service are working together.
This is the test case to check if firewalld and the legacy network service (aka initscripts) are working together.
 
Firewalld needs NetworkManager, which tells firewalld what network interface belongs to which zone.
Firewalld is however able to run without NetworkManager (with legacy ''network'' service),
but there's one issue. The legacy ''network'' service is just a set of scripts and not a running service
so it's not able to notice firewalld's restart and
react to it (by telling firewalld which interface belongs to which zone) as NetworkManager does.
The consequence of restarting (or starting after boot) firewalld when there's no running NetworkManager is
that there are no active zones, i.e. your network interface(s) no longer belong to any zone,
see https://bugzilla.redhat.com/show_bug.cgi?id=821938.
Work-around is to either restart the ''network'' service too or to manually add the interface to zone.


= How to test =
= How to test =


=== 1. Prerequisite ===
=== 1. Stop NetworkManager ===
 
* Wired network connection.
* root account
* Get and install testing packages [http://koji.fedoraproject.org/koji/buildinfo?buildID=307646 initscripts-9.37-1.fc17]
* firewalld ([[QA:Testcase_firewalld_active|Test case 1]])
 
=== 2. Stop NetworkManager ===


   systemctl stop NetworkManager.service
   systemctl stop NetworkManager.service


Use ifconfig to see if the wired interface is still up:
Use ''ip'' command to see if the wired interface is still ''UP'':


   ifconfig
   ip link show em1


If the wired interface (using eth0 as an example here) is up and running, please stop it:
If the wired interface (using ''em1'' as an example here) is ''UP'' and running, please stop it:


   ifconfig eth0 down
   ip link set dev em1 down


Do not shut down the lo interface.
Do not shut down the ''lo'' interface.


Restart firewalld to make sure that there are no active zones:
Restart firewalld to make sure that there are no active zones:
Line 36: Line 39:
This list should be empty.
This list should be empty.


=== 3. Start network service ===
=== 2. Start network service ===


   systemctl start network.service
   systemctl start network.service


You should be connected, now.
The interface should be again ''UP'' now.
If it's not then it's probably something wrong with ''/etc/sysconfig/network-scripts/ifcfg-em1


   firewall-cmd --get-active-zones
   firewall-cmd --get-active-zones
Line 46: Line 50:
Should list the interface as part of the default or configured zone.
Should list the interface as part of the default or configured zone.


=== 4. Change zone of interface ===
=== 3. Restore NetworkManager ===
 
Similar to [[QA:Testcase_firewalld_and_NetworkManager|Test case 3]
 
But you have to manually reconnect with
 
  systemctl restart network.service
 
=== 5. Restore NetworkManager ===


   systemctl stop network.service
   systemctl stop network.service
   systemctl start NetworkManager.service
   systemctl start NetworkManager.service

Latest revision as of 14:22, 11 December 2012

Description

This is the test case to check if firewalld and the legacy network service (aka initscripts) are working together.

Firewalld needs NetworkManager, which tells firewalld what network interface belongs to which zone. Firewalld is however able to run without NetworkManager (with legacy network service), but there's one issue. The legacy network service is just a set of scripts and not a running service so it's not able to notice firewalld's restart and react to it (by telling firewalld which interface belongs to which zone) as NetworkManager does. The consequence of restarting (or starting after boot) firewalld when there's no running NetworkManager is that there are no active zones, i.e. your network interface(s) no longer belong to any zone, see https://bugzilla.redhat.com/show_bug.cgi?id=821938. Work-around is to either restart the network service too or to manually add the interface to zone.

How to test

1. Stop NetworkManager

 systemctl stop NetworkManager.service

Use ip command to see if the wired interface is still UP: 

 ip link show em1

If the wired interface (using em1 as an example here) is UP and running, please stop it: 

 ip link set dev em1 down

Do not shut down the lo interface.

Restart firewalld to make sure that there are no active zones: 

 systemctl restart firewalld.service

Get list of active zones: 

 firewall-cmd --get-active-zones

This list should be empty.

2. Start network service

 systemctl start network.service

The interface should be again UP now. If it's not then it's probably something wrong with /etc/sysconfig/network-scripts/ifcfg-em1 

 firewall-cmd --get-active-zones

Should list the interface as part of the default or configured zone.

3. Restore NetworkManager

 systemctl stop network.service
 systemctl start NetworkManager.service
Retrieved from "https://fedoraproject.org/w/index.php?title=QA:Testcase_firewalld_with_network_service&oldid=314513"