Freeciv 2.0.8

Temlakos temlakos at gmail.com
Mon Aug 13 18:13:39 UTC 2007 

Bruno Wolff III wrote:
> On Mon, Aug 13, 2007 at 11:37:58 -0400,
>   Temlakos <temlakos at gmail.com> wrote:
>   
>> Everyone:
>>
>> Would SELinux interfere with Freeciv?
>>
>> Freeciv works in single-player mode primarily by starting its own server 
>> process and connecting to it. But when I try to start a Freeciv client, 
>> I get this message:
>>     
>
> In theory it could, but it seems unlikely that targeted policy would
> interfere when you are starting it from the desktop.
>
>   
>>> Starting server...
>>> Couldn't connect to the server.
>>> We probably couldn't start it from here.
>>> You'll have to start one manually. Sorry....
>>>       
>
> What do your logs say?
> You can see if there were any AVC denials from selinux. Also, freeciv
> might have its own logging that could tell you more about what is going
> wrong.
> Firewall logs most likely end up in /var/log/messages and would be good to
> check as well.
>
>   
>> Then when I /do/ try to start a Freeciv server manually, and load a 
>> game, I can't connect. When I try to use Freeciv's client to "connect to 
>> a network game"--well, I see a few games out on the Internet, but /none/ 
>> in my "Local Area Network."
>>     
>
> This makes me think that firewall rules are a possible culprit.
>
>   
All right, here are my firewall rules:

> # Firewall configuration written by system-config-securitylevel
> # Manual customization of this file is not recommended.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 
> -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 
> -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 
> -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 
> -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 
> -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5555 
> -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5555 
> -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5432 
> -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5432 
> -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
The logs say nothing about the programs civclient or civserver, nor do I 
see anything in the logs referable to a mishap at the time I tried to 
start those applications.

What line should I add, to grant to my system the necessary permissions?

Temlakos

More information about the fedora-selinux-list mailing list