I have been using direct-rules. I just upgraded to Fedora 36 and it looks like I can't use direct-rules anymore. Is this true?
Also, from some Google searches, I have come to understand that direct-rules can be replaced with rich-rules. Is this true?
I have a lot of rules that need to be converted, so I will be asking for help with them. I will just start by asking about some simple ones. How do I convert the following rule to a rich-rule?
firewall-cmd --direct --add-rule ipv4 mangle PREROUTING 0 -p tcp -s $WEBSAFETY0_PODIP --dport 80 -j MARK --set-mark $WEBMARK
Does it matter which zone "$WEBSAFETY0_PODIP" is located in, if the $WEBMARK uses a routing table that postroutes the packet onto an interface on the external zone?
Comparing the default nft rulesets of firewalld and ufw (on Debian 11), I note that ufw provides a qualified 'policy drop' for input, but firewalld does not.
Isn't this less secure, and shouldn't it?