action #117616

Updated by dvenkatachala 8 months ago

Santiago and I did a manual test to start the firewalld container in ALP. Below are the steps followed
to start the firewalld container in ALP:

1. Disable the Host's firewalld
#systemctl stop firewalld.service

2. Identify the firewalld workload image:
#podman search firewalld

3. Start the firewalld container:
#podman run -d --network host --privileged --name my-firewalld
This will pull (download) the image from if the image is not already in the local cache. The --network host means the container will run in the default network namespace and thus make firewall changes affecting the entire host.

4. To make changes to firewalld running inside the container podman exec must be used
#podman exec my-firewalld firewall-cmd
State: running
No options specified
usage: 'firewall-cmd --help' for usage information or see firewall-cmd(1) man page

5. Add the port 9090 to enable the cockpit web server on ALP
#podman exec my-firewalld firewall-cmd --add-port=9090/tcp
You're performing an operation over default zone ('public'),
but your connections/interfaces are in zone 'docker' (see --get-active-zones)
You most likely need to use --zone=docker option.
Shell alias for convenience
The above is a long command. It can be made more convenient with a shell alias.

#alias my-firewall-cmd='podman exec my-firewalld firewall-cmd'
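A small wrapper along the lines of the alias above, as an added example that is not part of the original comment: the warning in step 5 shows that the host's interfaces sit in zone 'docker' while --add-port without --zone changes the default zone 'public', so a rule added that way does not actually apply to the live connections. The wrapper reads firewall-cmd --get-active-zones, finds the zone that holds a given interface and adds the port there. Because the container runs with --privileged and --network host, every change goes straight to the host's firewall, which is why the port spec is validated first. The container name my-firewalld is the one from the steps; the function names and the sample --get-active-zones output in the comments are assumptions/constructed.

```sh
#!/bin/sh
# Added example (not from the original comment). Wraps
#   podman exec my-firewalld firewall-cmd
# so that a port is opened in the zone that really holds the host's
# interfaces, not in the default zone 'public'.

FW_CONTAINER="${FW_CONTAINER:-my-firewalld}"   # container name from the steps above

# fwcmd: run firewall-cmd inside the container (same as the alias above).
fwcmd() {
    podman exec "$FW_CONTAINER" firewall-cmd "$@"
}

# active_zones: read --get-active-zones output on stdin and print only the
# zone names.  Constructed sample of that output:
#   docker
#     interfaces: docker0
#   public
#     interfaces: eth0
# Zone names are the lines that do not start with whitespace.
active_zones() {
    grep -v '^[[:space:]]' | sed '/^$/d'
}

# zone_for_interface IFACE: read --get-active-zones output on stdin and print
# the zone whose "interfaces:" line lists IFACE; exit 1 if no zone does.
zone_for_interface() {
    awk -v want="$1" '
        /^[^[:space:]]/ { zone = $1; next }
        /^[[:space:]]+interfaces:/ {
            for (i = 2; i <= NF; i++) if ($i == want) { print zone; found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    '
}

# valid_port_spec SPEC: accept only N/tcp or N/udp with 1 <= N <= 65535,
# so a typo never reaches the privileged container.
valid_port_spec() {
    spec="$1"
    num="${spec%/*}"
    proto="${spec#*/}"
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$num" in ''|*[!0-9]*) return 1 ;; esac
    [ "$num" -ge 1 ] && [ "$num" -le 65535 ]
}

# open_port_in_active_zone PORT/PROTO IFACE: add the port to the zone that
# holds IFACE, in the running configuration and permanently.
open_port_in_active_zone() {
    port="$1"
    iface="$2"
    valid_port_spec "$port" || { echo "bad port spec: $port" >&2; return 1; }
    zone=$(fwcmd --get-active-zones | zone_for_interface "$iface") || {
        echo "no active zone holds interface $iface" >&2
        return 1
    }
    echo "adding $port to zone $zone (interface $iface)"
    fwcmd --zone="$zone" --add-port="$port"
    fwcmd --zone="$zone" --add-port="$port" --permanent
}

# Usage: ./fw-open.sh 9090/tcp eth0   (the cockpit port from step 5)
if [ $# -gt 0 ]; then
    open_port_in_active_zone "$@"
fi
```

The parsing functions take their input on stdin, so they can be checked against a saved copy of --get-active-zones output without a running container; only open_port_in_active_zone talks to podman.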