Hello Jeff,
On 08/26/2016 07:04 PM, Jeff White wrote:
> Is there any way to order rich rules in firewalld on CentOS 7? If I
> remove all rules and add them back in firewalld seems to put them in
> whatever order it feels like.
>
> Alternatively, can I change the default policy of a firewalld zone? At the
> moment I don't see any way to have a zone accept traffic by default other than
> adding a rich rule allowing 0.0.0.0/0; and I don't see a way to ensure that
> rule is at the bottom.
Code has already been added last week to fix the reorder issue of items in a
zone element when items are added to or removed from this element. This should
fix the issue with changes in the order:
https://github.com/t-woerner/firewalld/commit/6bf6b97f8328e70adde8a96d716...
Normally rules are ordered according to the action that is used in the rule
into the _log, _deny and _allow chains in that zone. The chains are processed
in this order, by the way.
But there is no support to change the order of rich rules for example in the
GUI and also command line tools. With the automatic placement in the chains I
am not sure that a reordering could be done in a simple way that will also be
visible in the GUI. Think about the duplication of rules for example to be able
to do logging.
Regards,
Thomas
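
The chain placement described in the reply above, as an added example (not part of the original message and not firewalld's own code): a small Python model that sorts constructed rich rules into the _log, _deny and _allow chains and lists them in processing order. The element-to-chain mapping (log/audit, reject/drop, accept) and the preservation of input order within a chain are assumptions of this example.

```python
import re

# Processing order of the per-zone chains, as stated in the message.
CHAIN_ORDER = ("_log", "_deny", "_allow")

# Assumption: which rich-rule element lands in which chain.
# Only these five elements are modelled here.
ELEMENT_TO_CHAIN = {
    "log": "_log", "audit": "_log",
    "reject": "_deny", "drop": "_deny",
    "accept": "_allow",
}

def chains_for(rule):
    """Return the chains a rich rule is placed in, in processing order."""
    # Drop quoted values first so text such as prefix="drop " is not
    # mistaken for an action keyword.
    bare = re.sub(r'"[^"]*"', "", rule)
    words = set(re.findall(r"[a-z]+", bare))
    hits = {ELEMENT_TO_CHAIN[w] for w in words if w in ELEMENT_TO_CHAIN}
    return [c for c in CHAIN_ORDER if c in hits]

def effective_order(rules):
    """List (chain, rule) pairs in the order the chains are processed.

    Assumption: within one chain, rules keep the order they were given in.
    A rule with both a log element and an action appears twice, once in
    _log and once in the action's chain.
    """
    ordered = []
    for chain in CHAIN_ORDER:
        ordered += [(chain, r) for r in rules if chain in chains_for(r)]
    return ordered

# Constructed sample rules (documentation address ranges).
RULES = [
    'rule family="ipv4" source address="0.0.0.0/0" accept',
    'rule family="ipv4" source address="192.0.2.0/24" reject',
    'rule family="ipv4" source address="198.51.100.7" log prefix="probe " accept',
]

if __name__ == "__main__":
    for chain, rule in effective_order(RULES):
        print(f"{chain:7} {rule}")
```

In this model the catch-all accept is evaluated after the reject no matter where it was added, and the logging rule shows up in both _log and _allow, which is the duplication the reply mentions.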