Ask Your Question
1

f25: INVALID_SERVICE: 'submission' not among existing services

asked 2017-07-02 09:49:51 -0500

ppavlov gravatar image

Hello,

I'm not sure why

# firewall-cmd --permanent --add-service=submission
Error: INVALID_SERVICE: 'submission' not among existing services

when

# cat /etc/services | grep submission
submission      587/tcp         msa             # mail message submission
submission      587/udp         msa             # mail message submission

I could do for example "firewall-cmd --permanent --add-service=smtp", so it is not generic problem..

Why does firewall-cmd not know about submission service and can this be fixed? As workaround I did "firewall-cmd --permanent --add-port=587/tcp; firewall-cmd --permanent --add-port=587/udp", but would prefer the service syntax, if possible. Any hints? Thank you!

using

# cat /etc/os-release 
NAME=Fedora
VERSION="25 (Server Edition)"
ID=fedora
VERSION_ID=25
PRETTY_NAME="Fedora 25 (Server Edition)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:fedoraproject:fedora:25"
HOME_URL="https://fedoraproject.org/"
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=25
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=25
PRIVACY_POLICY_URL=https://fedoraproject.org/wiki/Legal:PrivacyPolicy
VARIANT="Server Edition"
VARIANT_ID=server

Regards, Pavel

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
2

answered 2017-07-02 10:47:01 -0500

The firewalld does not use the information from /etc/services to configure the firewall. firewalld has its own definition of the services which are based in the /etc/firewalld/services directory. You also can write your own definitions and place them in /etc/firewalld/services.

Concerning your request, there is a service definition for the submission/587 which is named smtp-submission.
As far as I can see it only contains tcp, but you could easily copy that definition and adopt it.

cp /usr/lib/firewalld/services/smtp-submission.xml /etc/firewalld/services/submission.xml

Add the udp port.

$ cat /etc/firewalld/services/submission.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Mail (SMTP-Submission)</short>
  <description>SMTP-Submission allows remote users to submit mail over port 587.</description>
  <port protocol="tcp" port="587"/>
  <port protocol="udp" port="587"/>
</service>

Then reread the configuration to make use of the definition.

firewall-cmd --reload
edit flag offensive delete link more

Comments

You would never run smtp-submission over udp anyway, so enabling udp port 587 is not necessary.

villykruse gravatar imagevillykruse ( 2017-07-02 11:39:05 -0500 )edit

Hi Thomas,

Thank you for the detailed answer! I can confirm that your proposal works and I could do "firewall-cmd --permanent --add-service=smtp-submission" .

Regards, Pavel

ppavlov gravatar imageppavlov ( 2017-07-02 11:41:59 -0500 )edit

I asked upstream about renaming this service to the common name. I’d also assume it would just be called “submission” as that is how it’s referred to everywhere else.

Aeyoun gravatar imageAeyoun ( 2017-08-15 14:01:08 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-07-02 09:49:51 -0500

Seen: 2,367 times

Last updated: Jul 02 '17