Adding an interface to trusted seems to de-activate the public zone, but not change the default zone.
sh-4.2# firewall-cmd --zone=trusted --add-interface=ens33
The interface is under control of NetworkManager, setting zone to 'trusted'.
success
sh-4.2# firewall-cmd --get-default-zone
public
sh-4.2# firewall-cmd --zone=public --list-all
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: smtp submission
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
sh-4.2# firewall-cmd --get-active-zones
work
sources: a.b.75.64/27 a.b.111.0/24
internal
sources: a.b.0.0/16
trusted
interfaces: ens33
sources: a.b.75.66 a.b.141.137 a.b.249.25 a.b.249.254
---
Chad Cordero
Information Technology Consultant
Enterprise & Cloud Services
Information Technology Services
California State University, San Bernardino
---
From: Dick <dick@mrns.nl>
Reply-To: Firewalld users discussion list <firewalld-users@lists.fedorahosted.org>
Date: Wednesday, April 19, 2017 at 4:35 AM
To: Firewalld users discussion list <firewalld-users@lists.fedorahosted.org>
Subject: Re: Trusted zone not working
I don't see any interfaces added to trusted; AFAIK firewalld requires an interface to be specified for a zone.
For some reason my trusted host, a.b.249.25, (a.b represents my subnet) cannot
access ssh. Is there some limit to the number of zones I can have?
sh-4.2# firewall-cmd --zone=trusted --list-all
trusted (active)
target: ACCEPT
icmp-block-inversion: no
interfaces:
sources: a.b.141.137 a.b.249.25 a.b.249.254 a.b.75.66
services:
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules: