Installed it with yum (yum install firewalld).
Ran systemctl status firewalld, which says it's running. However, when I run firewall-cmd --state it says not running.
Also if I do firewall-cmd --get-default-zone, nothing shows up!
How can I resolve this? I already uninstalled and reinstalled with yum and the same thing happens.
I am ramping up on firewalld (RHEL7) and was looking for confirmation on a
couple of quirks that I noticed. If I'm wrong please correct me on the
appropriate course(s) of action:
a) I was attempting to configure a private NIC to allow only multicast
traffic (IP range) from a specific subnet:
$ firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<allowed_subnet>" destination address="<multicast_address>" accept'
OUTPUT: Error: INVALID_RULE: destination action
It appears that it is not permissible to use BOTH source and destination
address in a rich rule even though this is a perfectly acceptable IPTables
rule. Is this the intended behavior or is a fix in the works? I had to do a
direct rule with the above criteria:
$ firewall-cmd --permanent --direct --add-rule ipv4 filter IN_internal_allow 0 -s <allowed_subnet> -d <multicast_address> -j ACCEPT
b) When having multiple interfaces (e.g. eth0, eth1) and a single 'default'
zone, both interfaces are included in that default zone. However, I noticed
that when having a default zone (say 'public'), adding one of the
interfaces (eth1) to a second zone ('internal'), and reloading the firewall,
eth0 is no longer in the default zone. In fact it is not configured in any
zone. It seems that once I add one interface explicitly to a zone I have to
explicitly add all interfaces to some zone(s). Why don't unspecified
interfaces automatically fall into the default zone?
We would like to forward all tftp requests to another tftp server.
Here's the scenario in detail:
* The server has three interfaces eth0, eth1, eth2 (with three different IP subnets).
* All interfaces are assigned to the trusted zone.
* No masquerading.
* All tftp requests to the server should be redirected to another server in the eth0 subnet.
Is this possible with firewalld?