Re: [PATCH] nm-pptp-service: Grant proto GRE by firewalld

On Wed, Mar 1, 2017 at 6:14 PM poma <pomidorabelisima gmail com> wrote:
On 01.03.2017 17:11, Thomas Haller wrote:
> On Wed, 2017-03-01 at 08:07 +0100, poma wrote:
>> From 28b7713cda1deba1b54bd9e52b0d62716e356b66 Mon Sep 17 00:00:00
>> 2001
>> From: poma <poma gmail com>
>> Date: Wed, 1 Mar 2017 07:05:40 +0100
>> Subject: [PATCH] nm-pptp-service: Grant proto GRE by firewalld.
>> With recent kernels, the Poptop - The PPTP Server for Linux (pptpd)
>> requires
>> explicit load of nf_conntrack_pptp kernel module to achieve the
>> operating state of the service itself.
>> However this is not the case with the PPTP Client (pptp) on a Linux
>> based platform.
>> What is needed is to apply directly, rule within the firewalld, to
>> grant proto gre,
>> to achieve the operating state of the client itself.
>> Ref.
> Hi poma,
> the patch does two things. I think there should be two patches for it.
> 1) drop loading the kernel module "nf_conntrack_pptp". The patch
> basically reverts
> but it's not explained why that is correct beyond "this is not the case
> with...". It should be explained better whats wrong with 695d4f2f
> and how that affects the two bugs that were closed by it. Will the issue
> reapar, or was there a different issue in the first place?

Here, just for you, once again ;)

by By Ryan Roth
"Troubleshooting 'GRE: Protocol not available' errors"
#1. Client firewall:
"Make sure your client is not running a software firewall. If it is make sure port 1723 and protocol 47 are allowed."

Port 1723 is not a problem, but proto GRE is, meaning,
to achieve the operating state of the client itself,
"protocol 47 must be allowed" i.e. "grant proto gre".

> 2) call to firewallcmd. firewalld is commonly only available on
> Fedora/RHEL, thus patch would cause a warning on Debian systems...
> You would at least need to check whether such a binary file exists and
> only call it if necessary.

I am a user of the Fedora - a Linux based operating system.
"Choose Freedom. Choose Fedora."

Well, even in Fedora firewalld is not guarantied to be installed. And even if its installed its not guarantied to be used/running.
So blindly using firewall-cmd is wrong on any Linux distro.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]