On 06/05/2015 10:39 AM, Marcos Felipe Rasia de Mello wrote:

When I do this:

systemctl stop firewalld.service
rm -f /etc/firewalld/zones/*
rm -f /etc/firewalld/direct.xml*
systemctl start firewalld.service

firewalld enables by default masquerade on my external network:

grep ZONE /etc/sysconfig/network-scripts/ifcfg-*
/etc/sysconfig/network-scripts/ifcfg-Conexão_cabeada_1:ZONE=external
/etc/sysconfig/network-scripts/ifcfg-Conexão_cabeada_2:ZONE=trusted

firewall-cmd --zone=external --query-masquerade
yes

Unexpected I think. Is there other way to reset all firewalld settings?

firewalld-0.3.13-2.fc21.noarch here.

_______________________________________________
firewalld-users mailing list
firewalld-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/firewalld-users

If you've got KVM/qemu/libvirt loaded, they have their own scripts and tie-ins with iptables that do not go through firewalld. Masquerading is automagically configured for guests on the internal NAT network.