firewall-cmd - rich-rule - permanent configuration - firewalld-devel - Fedora Mailing-Lists

Friday, 26 July 2013

Hi,

# firewall-cmd --version
0.3.3

<Runtime Configuration>
# firewall-cmd --list-rich-rules
# firewall-cmd --add-rich-rule='rule forward-port port="2222"
to-port="22" to-addr="192.168.100.2" protocol="tcp"
family="ipv4" source
address="192.168.2.100"'
# firewall-cmd --list-rich-rules
rule family="ipv4" source address="192.168.2.100" forward-port
port="2222" protocol="tcp" to-port="22"
to-addr="192.168.100.2"
# firewall-cmd --remove-rich-rule='rule forward-port port="2222"
to-port="22" to-addr="192.168.100.2" protocol="tcp"
family="ipv4" source
address="192.168.2.100"'
# firewall-cmd --list-rich-rules
# firewall-cmd --add-rich-rule='rule forward-port port="2222"
to-port="22" to-addr="192.168.100.2" protocol="tcp"
family="ipv4" source
address="192.168.2.100"'
# firewall-cmd --list-rich-rules
rule family="ipv4" source address="192.168.2.100" forward-port
port="2222" protocol="tcp" to-port="22"
to-addr="192.168.100.2"
# firewall-cmd --reload
# firewall-cmd --list-rich-rules
<\Runtime Configuration>

Runtime Configuration - OK.

<Permanent Configuration>
# firewall-cmd --list-rich-rules
# firewall-cmd --permanent --add-rich-rule='rule forward-port
port="2222" to-port="22" to-addr="192.168.100.2"
protocol="tcp"
family="ipv4" source address="192.168.2.100"'
# firewall-cmd --list-rich-rules
# firewall-cmd --reload
# firewall-cmd --list-rich-rules
rule family="ipv4" source address="192.168.2.100" forward-port
port="2222" protocol="tcp" to-port="22"
to-addr="192.168.100.2"
# firewall-cmd --permanent --remove-rich-rule='rule forward-port
port="2222" to-port="22" to-addr="192.168.100.2"
protocol="tcp"
family="ipv4" source address="192.168.2.100"'
# firewall-cmd --list-rich-rules
rule family="ipv4" source address="192.168.2.100" forward-port
port="2222" protocol="tcp" to-port="22"
to-addr="192.168.100.2"
# firewall-cmd --reload
# firewall-cmd --list-rich-rules
rule family="ipv4" source address="192.168.2.100" forward-port
port="2222" protocol="tcp" to-port="22"
to-addr="192.168.100.2"
# /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  …
  <rule family="ipv4">
    <source address="192.168.2.100"/>
    <forward-port to-addr="192.168.100.2" to-port="22"
protocol="tcp"
port="2222"/>
  </rule>
</zone>
# Oops! It's still here. :)
<\Permanent Configuration>

Permanent Configuration - Is it a bug or a feature?

poma

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

firewall-cmd - rich-rule - permanent configuration