action #117616
Updated by dvenkatachala about 2 years ago
Santiago and I did a manual test to start the firewalld container in ALP. Below are the steps followed to start the firewalld container in ALP:

1. Disable the host's firewalld:

   #systemctl stop firewalld.service

2. Identify the firewalld workload image:

   #podman search firewalld
   registry.opensuse.org/suse/alp/workloads/tumbleweed_containerfiles/suse/alp/workloads/firewalld

3. Start the firewalld container:

   #podman run -d --network host --privileged --name my-firewalld registry.opensuse.org/suse/alp/workloads/tumbleweed_containerfiles/suse/alp/workloads/firewalld

   This will pull (download) the image from registry.opensuse.org if the image is not already in the local cache. The --network host option means the container will run in the default network namespace and thus make firewall changes affecting the entire host.

4. To make changes to firewalld running inside the container, podman exec must be used:

   #podman exec my-firewalld firewall-cmd
   State: running
   No options specified
   usage: 'firewall-cmd --help' for usage information or see firewall-cmd(1) man page

5. Add port 9090 to enable the cockpit web server on ALP:

   #podman exec my-firewalld firewall-cmd --add-port=9090/tcp
   You're performing an operation over default zone ('public'),
   but your connections/interfaces are in zone 'docker' (see --get-active-zones)
   You most likely need to use --zone=docker option.
   success

Note: Shell alias for convenience

The above is a long command. It can be made more convenient with a shell alias:

   #alias my-firewall-cmd='podman exec my-firewalld firewall-cmd'
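The warning in step 5 means a rule added without --zone can land in a zone that no interface is bound to. As an added example (not part of the original comment), this shell sketch parses `firewall-cmd --get-active-zones` output to check whether a zone actually has interfaces before a port is opened in it; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample data is constructed.
# Live input would come from the container used in the steps above:
#   podman exec my-firewalld firewall-cmd --get-active-zones

# Constructed sample of --get-active-zones output, matching the situation in
# the step 5 warning: interfaces sit in 'docker', none in 'public'.
SAMPLE_ACTIVE_ZONES='docker
  interfaces: docker0 eth0'

# active_zones: read --get-active-zones output on stdin and print one
# "zone interface" pair per line. Zone names start in column 1; the
# "interfaces:" line that follows is indented.
active_zones() {
    awk '
        /^[^ \t]/           { zone = $1; next }
        $1 == "interfaces:" { for (i = 2; i <= NF; i++) print zone, $i }
    '
}

# zone_is_active ZONE: succeed only if at least one interface is bound to
# ZONE in the --get-active-zones output given on stdin.
zone_is_active() {
    active_zones | awk -v z="$1" '$1 == z { found = 1 } END { exit !found }'
}

# check_zone ZONE: print a verdict for ZONE, reading the same input on stdin.
check_zone() {
    if zone_is_active "$1"; then
        echo "zone '$1' has interfaces; rules added there affect traffic"
    else
        echo "zone '$1' has no interfaces; pass --zone=<active zone> instead"
    fi
}
```

Piping the live `--get-active-zones` output into `check_zone public` before running `--add-port` shows whether the default zone is the one that filters the host's traffic.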