How to enable synergy 24800 (or some other port) through firewalld
Solution 1
After reading man firewall-cmd
I ran:
sudo firewall-cmd --permanent --add-port=24800/tcp
and reboot did the trick for me
Solution 2
This is how I opened the port with firewalld. I did not find a GUI like the old Firewall program, and realized that firewalld was ignoring my previous rules for synergy.
Firewalld installs with some default config files that can be used to allow services or ports through the system.
~]$ sudo ls -l /usr/lib/firewalld/zones
total 36
-rw-r-----. 1 root root 256 Feb 20 10:37 block.xml
-rw-r-----. 1 root root 293 Feb 20 10:37 dmz.xml
-rw-r-----. 1 root root 226 Feb 20 10:37 drop.xml
-rw-r-----. 1 root root 319 Feb 20 10:37 external.xml
-rw-r-----. 1 root root 400 Feb 20 10:37 home.xml
-rw-r-----. 1 root root 415 Feb 20 10:37 internal.xml
-rw-r-----. 1 root root 340 Feb 20 10:37 public.xml
-rw-r-----. 1 root root 179 Feb 20 10:37 trusted.xml
-rw-r-----. 1 root root 367 Feb 20 10:37 work.xml
I decided to take internal.xml for a spin and copied it from the install directory to the load directory in /etc/firewalld/ then I edited that to add my port for synergy.
~]$ sudo cp /usr/lib/firewalld/zones/internal.xml /etc/firewalld/zones
~]$ sudo vi /etc/firewalld/zones/internal.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Internal</short>
<description>For use on internal networks. You mostly trust the other computers
on the networks to not harm your computer. Only selected incoming connections
are accepted.</description>
<service name="ssh"/>
<service name="ipp-client"/>
<service name="mdns"/>
<service name="samba-client"/>
<service name="dhcpv6-client"/>
<port port="24800" protocol="tcp"/> <!-- Here is my addition. -->
</zone>
I saved the file, restarted firewalld and my synergy app was back on line.
~]$ sudo service firewalld restart
I don't use the other services too often, but I do have a share folder here and might do a login once in a blue moon, so I did not bother to erase the others.
To make it stick, I changed the firewalld.conf default to internal as well.
~]$ sudo vi /etc/firewalld/firewalld.conf
# firewalld config file
# default zone
# The default zone used if an empty zone string is used.
# Default: public
# changed this line:
DefaultZone=internal
All in all, I think this is a pretty simple to edit configuration. Much easier for a noob like me to understand than the iptables rules.
I hope it helps you get moving on with the new Fedora.
Update: It turns out I typed the add command wrong. To use the temporary add port or service, it goes like so:
~]$ sudo firewall-cmd --add-port=24800/tcp
~]$ sudo firewall-cmd --list-all
internal
interfaces: eth0
services: ipp-client mdns dhcpv6-client ssh samba-client
ports: 24800/tcp
forward-ports:
icmp-blocks:
The thing you would like to add is appended to the --add command with a - .
Now in the man page I also see a permanent option. So, I give it a try:
~]$ sudo firewall-cmd --permanent --add-port=24800/tcp
~]$ sudo firewall-cmd --complete-reload
~]$ sudo firewall-cmd --list-all
internal
interfaces: eth0
services: ipp-client mdns dhcpv6-client samba-client ssh
ports: 24800/tcp
forward-ports:
icmp-blocks:
So far, so good. After reboot I'll see what I have. Meanwhile I find a change in the zone directory:
~]$ sudo ls /etc/firewalld/zones
internal.xml internal.xml.old
~]$ sudo cat /etc/firewalld/zones/internal.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Internal</short>
<description>For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ipp-client"/>
<service name="mdns"/>
<service name="dhcpv6-client"/>
<service name="samba-client"/>
<service name="ssh"/>
<port protocol="tcp" port="24800"/>
</zone>
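An added example, not part of the original answer: a small audit that parses two firewalld zone files in the format shown above and reports what the copy under /etc/firewalld/zones accepts beyond the stock zone in /usr/lib/firewalld/zones. The sample XML is constructed from the listing in the answer, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the stock internal zone, i.e. the file shown in the
# answer without the added <port> line (description shortened).
STOCK_ZONE = """
<zone>
  <short>Internal</short>
  <description>For use on internal networks.</description>
  <service name="ssh"/>
  <service name="ipp-client"/>
  <service name="mdns"/>
  <service name="samba-client"/>
  <service name="dhcpv6-client"/>
</zone>
"""

# Constructed sample: the override in /etc/firewalld/zones after the edit.
OVERRIDE_ZONE = STOCK_ZONE.replace(
    "</zone>", '  <port protocol="tcp" port="24800"/>\n</zone>')


def zone_rules(xml_text):
    """Return (services, ports) that a zone file accepts, as sets of strings."""
    root = ET.fromstring(xml_text.strip())
    if root.tag != "zone":
        raise ValueError("not a firewalld zone file")
    services = {e.get("name") for e in root.findall("service")}
    ports = {f'{e.get("port")}/{e.get("protocol")}' for e in root.findall("port")}
    return services, ports


def override_diff(stock_xml, override_xml):
    """List what the /etc override opens or closes relative to the stock zone."""
    stock_svc, stock_ports = zone_rules(stock_xml)
    over_svc, over_ports = zone_rules(override_xml)
    return {
        "opened": sorted(over_svc - stock_svc) + sorted(over_ports - stock_ports),
        "closed": sorted(stock_svc - over_svc) + sorted(stock_ports - over_ports),
    }


if __name__ == "__main__":
    print(override_diff(STOCK_ZONE, OVERRIDE_ZONE))
```

On a real host, pass the contents of the two internal.xml files instead of the samples; the directory listing above shows them readable by root only.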
ndasusers
Updated on September 18, 2022
Comments
-
ndasusers almost 2 years
After upgrading to Fedora 18, Synergy, the keyboard sharing system was blocked by default. The culprit was firewalld, which happily ignored my previous settings made in the Fedora GUI, backed by iptables.
~]$ ps aux | grep firewall
root 3222 0.0 1.2 22364 12336 ? Ss 18:17 0:00 /usr/bin/python /usr/sbin/firewalld --nofork
david 3783 0.0 0.0 4788 808 pts/0 S+ 20:08 0:00 grep --color=auto firewall
~]$
Ok, so how to get around this? I did
sudo killall firewalld
for several weeks, but that got annoying every time I rebooted. It was time to look for some clues. There were several one liners, but they did not work for me. They kept spitting out the help text. For example:
~]$ sudo firewall-cmd --zone=internal --add --port=24800/tcp
[sudo] password for auser:
option --add not a unique prefix
Also, posts that claimed this command worked also stated it was temporary, unable to survive a reboot. I ended up adding a file to the config directory to be loaded in on boot.
Would anyone be able to have a look at that and see if I missed something? Though synergy works, when I run the list command, I get no result:
~]$ sudo firewall-cmd --zone=internal --list-services
ipp-client mdns dhcpv6-client ssh samba-client
~]$ sudo firewall-cmd --zone=internal --list-ports
~]$
-
ndasusers about 11 years
I used the --add command incorrectly. See below for the discovery, or use
--add-port=24800/tcp
if you want to just get up and go.
-
user122302 over 2 years
A reboot is not needed,
sudo firewall-cmd --reload
should be enough.