Re: [PATCH firewalld] feat: service: add nbd (Network Block Device) service

To: Firewalld development list <firewalld-devel@lists.fedorahosted.org>
Cc: "Richard W.M. Jones" <rjones@redhat.com>, nbd@other.debian.org
Subject: Re: [PATCH firewalld] feat: service: add nbd (Network Block Device) service
From: Eric Garver <egarver@redhat.com>
Date: Thu, 13 Aug 2020 12:47:15 -0400
Message-id: <[🔎] 20200813164715.xk52qsqbkvz4fl3g@egarver>
In-reply-to: <[🔎] 12f630d0-edf6-399c-f907-bff288a21527@redhat.com>
References: <[🔎] 20200813123854.967482-1-rjones@redhat.com> <[🔎] 20200813152831.GA5823@roberto> <[🔎] 12f630d0-edf6-399c-f907-bff288a21527@redhat.com>

On Thu, Aug 13, 2020 at 11:25:18AM -0500, Eric Blake wrote:
> On 8/13/20 10:28 AM, Eric Garver wrote:
> > On Thu, Aug 13, 2020 at 01:38:54PM +0100, Richard W.M. Jones wrote:
> > > ---
> > >   config/Makefile.am      | 1 +
> > >   config/services/nbd.xml | 6 ++++++
> > >   po/POTFILES.in          | 1 +
> > >   3 files changed, 8 insertions(+)
> > 
> > Thanks! I applied and pushed this upstream:
> > 
> >      8f562559dad8 ("feat: service: add nbd (Network Block Device)
> >      service")
> 
> Unrelated question - why can't firewalld automatically support an implied
> service for every listing in /etc/services, in order to reduce the number of
> patches needed to config/services/*.xml which end up duplicating efforts?

You can do that.

    # firewall-cmd --add-port gopher/tcp
    success

Internally it uses socket.getservbyname() [1].

Unfortunately listing the ports doesn't do the reverse translation, but
this could be addressed.

    # firewall-cmd --list-ports
    70/tcp

Services are useful if you want to open a collection of ports or the
service needs conntrack helpers.

[1]: https://docs.python.org/3/library/socket.html#socket.getservbyname

Reply to:

Follow-Ups:
- Re: [PATCH firewalld] feat: service: add nbd (Network Block Device) service
  - From: "Richard W.M. Jones" <rjones@redhat.com>

References:
- [PATCH firewalld] feat: service: add nbd (Network Block Device) service
  - From: "Richard W.M. Jones" <rjones@redhat.com>
- Re: [PATCH firewalld] feat: service: add nbd (Network Block Device) service
  - From: Eric Garver <eric@garver.life>
- Re: [PATCH firewalld] feat: service: add nbd (Network Block Device) service
  - From: Eric Blake <eblake@redhat.com>

Prev by Date: Re: [PATCH firewalld] feat: service: add nbd (Network Block Device) service
Next by Date: Re: [PATCH firewalld] feat: service: add nbd (Network Block Device) service
Previous by thread: Re: [PATCH firewalld] feat: service: add nbd (Network Block Device) service
Next by thread: Re: [PATCH firewalld] feat: service: add nbd (Network Block Device) service
Index(es):
- Date
- Thread