This is how I opened the port with firewalld. I did not find a GUI like the old Firewall program, and realized that firewalld was ignoring my previous rules for synergy.
Firewalld installs with some default config files that can be used to allow services or ports through the system.
~]$ sudo ls -l /usr/lib/firewalld/zones
total 36
-rw-r-----. 1 root root 256 Feb 20 10:37 block.xml
-rw-r-----. 1 root root 293 Feb 20 10:37 dmz.xml
-rw-r-----. 1 root root 226 Feb 20 10:37 drop.xml
-rw-r-----. 1 root root 319 Feb 20 10:37 external.xml
-rw-r-----. 1 root root 400 Feb 20 10:37 home.xml
-rw-r-----. 1 root root 415 Feb 20 10:37 internal.xml
-rw-r-----. 1 root root 340 Feb 20 10:37 public.xml
-rw-r-----. 1 root root 179 Feb 20 10:37 trusted.xml
-rw-r-----. 1 root root 367 Feb 20 10:37 work.xml
I decided to take internal.xml for a spin and copied it from the install directory to the load directory in /etc/firewalld/, then I edited the copy to add my port for synergy.
~]$ sudo cp /usr/lib/firewalld/zones/internal.xml /etc/firewalld/zones
~]$ sudo vi /etc/firewalld/zones/internal.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Internal</short>
<description>For use on internal networks. You mostly trust the other computers
on the networks to not harm your computer. Only selected incoming connections
are accepted.</description>
<service name="ssh"/>
<service name="ipp-client"/>
<service name="mdns"/>
<service name="samba-client"/>
<service name="dhcpv6-client"/>
<port port="24800" protocol="tcp"/> <!-- Here is my addition. -->
</zone>
I saved the file, restarted firewalld and my synergy app was back online.
~]$ sudo service firewalld restart
I don't use the other services too often, but I do have a shared folder here and might do a login once in a blue moon, so I did not bother to erase the others.
To make it stick, I changed the firewalld.conf default to internal as well.
~]$ sudo vi /etc/firewalld/firewalld.conf
# firewalld config file
# default zone
# The default zone used if an empty zone string is used.
# Default: public
# (changed the next line)
DefaultZone=internal
All in all, I think this configuration is pretty simple to edit. Much easier for a noob like me to understand than the iptables rules.
I hope it helps you get moving on with the new Fedora.
Update: It turns out I typed the add command wrong. To use the temporary add port or service, it goes like so:
~]$ sudo firewall-cmd --add-port=24800/tcp
~]$ sudo firewall-cmd --list-all
internal
interfaces: eth0
services: ipp-client mdns dhcpv6-client ssh samba-client
ports: 24800/tcp
forward-ports:
icmp-blocks:
The thing you would like to add is appended to the --add command with a - .
Now in the man page I also see a permanent option. So, I give it a try:
~]$ sudo firewall-cmd --permanent --add-port=24800/tcp
~]$ sudo firewall-cmd --complete-reload
~]$ sudo firewall-cmd --list-all
internal
interfaces: eth0
services: ipp-client mdns dhcpv6-client samba-client ssh
ports: 24800/tcp
forward-ports:
icmp-blocks:
So far, so good. After reboot I'll see what I have.
Meanwhile I find a change in the zone directory:
~]$ sudo ls /etc/firewalld/zones
internal.xml internal.xml.old
~]$ sudo cat /etc/firewalld/zones/internal.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Internal</short>
<description>For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ipp-client"/>
<service name="mdns"/>
<service name="dhcpv6-client"/>
<service name="samba-client"/>
<service name="ssh"/>
<port protocol="tcp" port="24800"/>
</zone>
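To check what the rewrite from --permanent actually changed, and which openings the zone carries beyond what is used, the two files can be compared by content rather than by text. The script below is an added example, not part of the original post; the two samples are constructed from the listings above (descriptions shortened), and the NEEDED set is an assumption based on the post (synergy, the shared folder, the occasional login).

```python
import xml.etree.ElementTree as ET

# Constructed samples: the hand-edited file (now internal.xml.old) and the
# file firewall-cmd --permanent wrote, as listed on this page.
OLD_ZONE = b"""<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Internal</short>
  <service name="ssh"/>
  <service name="ipp-client"/>
  <service name="mdns"/>
  <service name="samba-client"/>
  <service name="dhcpv6-client"/>
  <port port="24800" protocol="tcp"/> <!-- Here is my addition. -->
</zone>"""
NEW_ZONE = b"""<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Internal</short>
  <service name="ipp-client"/>
  <service name="mdns"/>
  <service name="dhcpv6-client"/>
  <service name="samba-client"/>
  <service name="ssh"/>
  <port protocol="tcp" port="24800"/>
</zone>"""

# Assumption: what this machine really needs open.
NEEDED = {"port:24800/tcp", "service:ssh", "service:samba-client"}

def zone_openings(xml_bytes):
    """Set of everything the zone lets in; order and attribute order ignored."""
    root = ET.fromstring(xml_bytes)
    # findall() matches direct children only, so <port> inside a rich rule is skipped.
    opened = {"service:" + s.get("name") for s in root.findall("service")}
    opened |= {"port:%s/%s" % (p.get("port"), p.get("protocol"))
               for p in root.findall("port")}
    return opened

def zone_diff(before, after):
    """Return (added, removed) openings between two versions of a zone file."""
    a, b = zone_openings(before), zone_openings(after)
    return sorted(b - a), sorted(a - b)

def unneeded(xml_bytes, needed):
    """Openings present in the zone that are not in the needed set."""
    return sorted(zone_openings(xml_bytes) - set(needed))

if __name__ == "__main__":
    added, removed = zone_diff(OLD_ZONE, NEW_ZONE)
    print("added:", added, "removed:", removed)
    print("open but not needed:", unneeded(NEW_ZONE, NEEDED))
```

On a live system, feed it the bytes of /etc/firewalld/zones/internal.xml.old and internal.xml (read as root) in place of the samples.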