Firewalld not working properly on Centos7
by John Housty
Installed it with yum (yum install firewalld).
Ran systemctl status firewalld, which says it's running. However, when I run firewall-cmd --state it says not running.
Also if I do firewall-cmd --get-default-zone, nothing shows up!
How can I resolve this? I already uninstalled and reinstalled with yum and the same thing happens.
8 years
Firewalld Quirks
by Lesley Kimmel
All;
I am ramping up on firewalld (RHEL7) and was looking for confirmation on a
couple of quirks that I noticed. If I'm wrong please correct me on the
appropriate course(s) of action:
a) I was attempting to configure a private NIC to allow only multicast
traffic (IP range) from a specific subnet:
$ firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<allowed_subnet>" destination address="<multicast_address>" accept'
OUTPUT: Error: INVALID_RULE: destination action
It appears that it is not permissible to use BOTH source and destination
address in a rich rule even though this is a perfectly acceptable IPTables
rule. Is this the intended behavior or is a fix in the works? I had to do a
direct rule with the above criteria:
$ firewall-cmd --permanent --direct --add-rule ipv4 filter IN_internal_allow 0 -s <allowed_subnet> -d <multicast_address> -j ACCEPT
b) When having multiple interfaces (e.g. eth0, eth1) and a single 'default'
zone, both interfaces are included in that default zone. However, I noticed
that when having a default zone (say 'public'), adding one of the
interfaces (eth1) to a second zone ('internal'), and reloading the firewall,
eth0 is no longer in the default zone. In fact it is not configured in any
zone. It seems that once I add one interface explicitly to a zone I have to
explicitly add all interfaces to some zone(s). Why don't unspecified
interfaces automatically fall into the default zone?
Thanks,
-LJK
8 years
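An added example, not part of the original post: a shell check for the situation described in quirk (b) above, listing interfaces that no zone claims. It parses the output of `firewall-cmd --get-active-zones`; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report network interfaces that are not bound to any
# firewalld zone. Function names are hypothetical, not firewalld's own.

# Constructed sample of `firewall-cmd --get-active-zones` output for the
# state described in the post: eth1 in 'internal', eth0 in no zone.
SAMPLE_ACTIVE_ZONES='internal
  interfaces: eth1
work
  sources: 10.0.0.0/24'

# zoned_interfaces: read --get-active-zones output on stdin and print
# "<interface> <zone>" for every interface bound to a zone.
zoned_interfaces() {
    awk '
        /^[^[:space:]]/ { zone = $1; next }   # unindented line is a zone name
        $1 == "interfaces:" { for (i = 2; i <= NF; i++) print $i, zone }
    '
}

# unzoned_interfaces ACTIVE_ZONES_TEXT IFACE...: print each named interface
# that appears in no zone. Loopback is skipped.
unzoned_interfaces() {
    zones_text=$1; shift
    bound=$(printf '%s\n' "$zones_text" | zoned_interfaces | awk '{print $1}')
    for ifc in "$@"; do
        [ "$ifc" = "lo" ] && continue
        # -F and -x: exact, literal match so "eth0" never matches "eth0.100"
        printf '%s\n' "$bound" | grep -qxF -- "$ifc" || printf '%s\n' "$ifc"
    done
}

# audit_live: run the same check on a live host (requires a running
# firewalld). Interface names come from /sys/class/net and contain no spaces.
audit_live() {
    unzoned_interfaces "$(firewall-cmd --get-active-zones)" $(ls /sys/class/net)
}
```

On a host, call `audit_live` after each `firewall-cmd --reload`; any name it prints is an interface whose traffic is not being filtered by the zone you expected.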
tftp forward
by Steffen Sledz
We would like to forward all tftp requests to another tftp server.
Here's the scenario in detail:
* The server has three interfaces eth0, eth1, eth2 (with three different IP subnets).
* All interfaces are assigned to the trusted zone.
* No masquerading.
* All tftp requests to the server should be redirected to another server in the eth0 subnet.
Is this possible with firewalld?
--
DResearch Fahrzeugelektronik GmbH
Otto-Schmirgal-Str. 3, 10319 Berlin, Germany
Tel: +49 30 515932-237 mailto:sledz@dresearch-fe.de
Fax: +49 30 515932-299
Managing Directors: Dr. Michael Weber, Werner Mögle;
Amtsgericht Berlin Charlottenburg; HRB 130120 B;
VAT ID No. DE273952058
8 years
Roll Call
by Lesley Kimmel
Is there anyone on this list? There doesn't seem to be much (if any)
activity on it.
-LJK
8 years