I had this experience:
Where the solution was to open the specific port through SELinux. Up to here, all OK.
Just for LAN access through DBeaver, after doing some research, it was mandatory to configure firewalld; otherwise it is impossible to make a remote connection to MySQL running on Fedora.
To be honest, I thought that SELinux, once the specific port was opened, could interact internally with Fedora's default firewall, in this case firewalld, but that is not the case.
- What is the relation/difference between
As you can see, it was mandatory to define the port in 2 different programs.
They’re totally different layers. Firewalld is specific to networking where SELinux is specific to processes. SELinux can determine if a process should talk over a certain port or not, but the firewall is concerned with what to do with the traffic itself on that port/interface. The firewall won’t keep a process from trying to listen on a port, but can block traffic from getting to that process. Also, generally speaking, the firewall often doesn’t apply to stuff listening locally. If port 80 is blocked in the firewall, Apache can’t serve on that port to the outside world, but you should still be able to resolve it using curl http://localhost from the same host, for example. SELinux can prevent a process from binding to a port or making a network connection at the process level, so it can keep it from listening locally or making outbound connections, which can prevent certain types of malware from working.
Both are very important, but are managing things from different layers of the stack.
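Because the two layers are independent, each has to be checked on its own. The script below is an added example, not part of the original thread: it parses the output of `semanage port -l` and `firewall-cmd --list-ports` and reports which layer allows a TCP port. Port 3306 and the type `mysqld_port_t` are assumed MySQL defaults, and the sample outputs are constructed.

```sh
#!/bin/sh
# Added example. Reports per layer whether a TCP port is allowed.
# Assumptions: port 3306 and SELinux type mysqld_port_t (MySQL defaults).
# Ports that firewalld opens through a service definition are not covered.

# in_spec PORT SPEC: true if PORT equals SPEC or lies in the range "lo-hi"
in_spec() {
    case $2 in
        *-*) [ "$1" -ge "${2%-*}" ] && [ "$1" -le "${2#*-}" ] ;;
        *)   [ "$1" -eq "$2" ] ;;
    esac
}

# selinux_allows TYPE PORT: stdin is the output of `semanage port -l`
selinux_allows() {
    while read -r t proto list; do
        [ "$t" = "$1" ] && [ "$proto" = tcp ] || continue
        for spec in $(printf '%s' "$list" | tr ',' ' '); do
            in_spec "$2" "$spec" && return 0
        done
    done
    return 1
}

# firewalld_allows PORT: stdin is the output of `firewall-cmd --list-ports`
firewalld_allows() {
    for entry in $(cat); do
        [ "${entry#*/}" = tcp ] || continue
        in_spec "$1" "${entry%/*}" && return 0
    done
    return 1
}

# diagnose TYPE PORT SEMANAGE_TEXT FIREWALLD_TEXT
diagnose() {
    se=blocked; fw=blocked
    printf '%s\n' "$3" | selinux_allows "$1" "$2" && se=allowed
    printf '%s\n' "$4" | firewalld_allows "$2" && fw=allowed
    echo "selinux=$se firewalld=$fw"
}

# Constructed sample output: SELinux labels 3306, firewalld does not open it.
SAMPLE_SEMANAGE='SELinux Port Type              Proto    Port Number
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
mysqld_port_t                  tcp      1186, 3306, 63132-63164'
SAMPLE_FIREWALLD='22/tcp 8080-8090/tcp'

diagnose mysqld_port_t 3306 "$SAMPLE_SEMANAGE" "$SAMPLE_FIREWALLD"
# Live host (as root):
#   diagnose mysqld_port_t 3306 "$(semanage port -l)" "$(firewall-cmd --list-ports)"
```

With the sample data the SELinux layer permits the port while firewalld does not, which is the state in which local connections work and remote ones fail.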
Huge thanks for the clarification. I assumed that perhaps SELinux could have some interaction/control over Firewalld. Now all is clear. Thanks again!