Recently, my Firewalld updated to 0.7.0_5, likely when I upgraded from CentOS 8.0 to 8.1.
Everything was working fine since I started using Firewalld under CentOS 7, I believe.
For the past few weeks, I was having issues on my network with connecting to services like
Facebook and Apple. I could get to the main https page, but when it would try to pull
another page (like Facebook has its content page, or Apple has its SSO page), browsers
would just spin.
I had a test laptop on which I could reproduce the issue, and when I plugged it directly
into the cable modem, the issue went away.
So, we know it's the firewall/configuration.
I've spent about a week working on this, posted over in the CentOS forum, and even
opened a bug report:
https://forums.centos.org/viewtopic.php?f=56&t=74241
https://bugs.centos.org/view.php?id=17310
To summarize the data:
After enabling the logging in firewalld, the firewall is blocking a lot of items it
shouldn't be:
1) All of the Internal devices should have free access to the server.
2) All of the Internal devices should have full access to the Internet.
3) Once a connection is established between the Internal system and an External (Internet)
system, those related packets should be accepted.
4) All external traffic (besides a very specific rule allowing ssh from one class-C
Internet subnet, and http/https) should be blocked.
What I'm looking for is this: with every previous iteration of Red Hat and CentOS,
I've been able to locate good examples of how to configure NAT and masquerade for a basic
home router (ipchains, iptables, firewall builder, and now nftables and firewalld). But I
can't find a good "how to" on how to properly set up nftables and
firewalld.
I love firewalld's management, both commandline and GUI (with firewall-config), but
right now, things are broken.
Initially, I suspected it was either an issue with helpers (AutomaticHelpers), or an issue
with the AllowZoneDrifting that just changed, seeing as it's blocking return packets.
But it's also blocking some internal packets as well (which it shouldn't be), as
well as internal multicast and some other weird stuff.
Is there something I'm missing?
I've spent the entire week banging my head against this, clearing out firewalld rules,
rebooting, starting from scratch again, making it possibly worse. I'm not sure.
I'd love some help, though.
Thanks!
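As an added example, not part of the original post or of the linked forum and bug threads: the four requirements listed above, written out as the firewall-cmd calls for a two-zone firewalld router (LAN interface bound to the `trusted` zone, WAN interface bound to the `external` zone with masquerading, ssh on the WAN side limited to one class-C by a rich rule). The interface names and the 203.0.113.0/24 source subnet are placeholders, not the poster's values, and the script does not address the blocked-return-packet behaviour the post reports; it only shows how the intended policy is expressed. By default it prints the commands (`DRY_RUN=1`); run it as root with `DRY_RUN=0` to apply them.

```shell
#!/usr/bin/env bash
# Added example (not the poster's configuration): a two-zone firewalld router
# that expresses the four requirements listed in the post.
#   1,2) LAN side fully trusted (to the server itself and out to the Internet)
#   3)   related/established return traffic accepted (firewalld inserts that
#        conntrack rule itself in INPUT/FORWARD; there is no firewall-cmd switch)
#   4)   WAN side: http/https from anywhere, ssh only from one class-C
# Interface names and the ssh source subnet below are assumptions (placeholders).
set -eu

WAN_IF="${WAN_IF:-enp1s0}"             # assumed: NIC cabled to the cable modem
LAN_IF="${LAN_IF:-enp2s0}"             # assumed: NIC facing the internal network
SSH_SRC="${SSH_SRC:-203.0.113.0/24}"   # assumed: the one class-C allowed to ssh (TEST-NET-3)
DRY_RUN="${DRY_RUN:-1}"                # 1 = print the commands, 0 = execute them (as root)

# Wrapper: print each firewall-cmd invocation shell-quoted on one line,
# or execute it when DRY_RUN=0.
fw() {
  if [ "$DRY_RUN" = 1 ]; then
    printf 'firewall-cmd'
    printf " '%s'" "$@"
    printf '\n'
  else
    firewall-cmd "$@"
  fi
}

build_rules() {
  # Any interface not explicitly assigned to a zone falls into 'drop'.
  fw --set-default-zone=drop

  # Requirements 1 and 2: 'trusted' has target ACCEPT, so every packet arriving
  # on the LAN interface (for the server or to be forwarded) is accepted.
  # If NetworkManager owns the NIC, set the zone on its connection profile
  # (nmcli connection modify <name> connection.zone trusted) or NM may revert this.
  fw --permanent --zone=trusted --change-interface="$LAN_IF"

  # Requirement 4: 'external' ships with the ssh service open to everyone;
  # remove that and re-add ssh only for the single source subnet.
  fw --permanent --zone=external --change-interface="$WAN_IF"
  fw --permanent --zone=external --remove-service=ssh
  fw --permanent --zone=external --add-service=http --add-service=https
  fw --permanent --zone=external --add-rich-rule="rule family=\"ipv4\" source address=\"$SSH_SRC\" service name=\"ssh\" accept"

  # NAT: masquerade on the WAN zone. firewalld also turns on net.ipv4.ip_forward
  # and accepts forwarded traffic leaving that interface, which is what lets
  # LAN -> Internet flows (requirement 2) pass.
  fw --permanent --zone=external --add-masquerade

  fw --reload
}

# Diagnostics used in the post: log every denied packet (read with
# journalctl -k or dmesg) and print the effective zone configuration.
show_state() {
  fw --set-log-denied=all
  fw --get-active-zones
  fw --zone=external --list-all
  fw --zone=trusted --list-all
}

build_rules
show_state
```

Running it with `DRY_RUN=1` is also a cheap way to review the exact command set before touching a remote router, since a mistake in the `external` zone can lock out the only ssh path.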