On 04/19/2017 06:48 PM, Chad Cordero wrote:
> Adding an interface to trusted seems to de-activate the public zone,
> but not change the default zone.
The default zone is not selected according to used zones. It is defined in the
firewalld.conf file and you can change the default zone with all firewalld tools.
>
> sh-4.2# firewall-cmd --zone=trusted --add-interface=ens33
> The interface is under control of NetworkManager, setting zone to 'trusted'.
> success
> sh-4.2# firewall-cmd --get-default-zone
> public
> sh-4.2# firewall-cmd --zone=public --list-all
> public
>   target: default
>   icmp-block-inversion: no
>   interfaces:
>   sources:
>   services: smtp submission
>   ports:
>   protocols:
>   masquerade: no
>   forward-ports:
>   sourceports:
>   icmp-blocks:
>   rich rules:
>
> sh-4.2# firewall-cmd --get-active-zones
> work
>   sources: a.b.75.64/27 a.b.111.0/24
> internal
>   sources: a.b.0.0/16
> trusted
>   interfaces: ens33
>   sources: a.b.75.66 a.b.141.137 a.b.249.25 a.b.249.254
>
> ---
> Chad Cordero
> Information Technology Consultant
> Enterprise & Cloud Services
> Information Technology Services
> California State University, San Bernardino
> 5500 University Pkwy
> San Bernardino, CA 92407-2393
> Main Line: 909/537-7677
> Direct Line: 909/537-7281
> Fax: 909/537-7141
> http://support.csusb.edu/
>
>
> From: Dick <dick(a)mrns.nl>
> Reply-To: Firewalld users discussion list <firewalld-users(a)lists.fedorahosted.org>
> Date: Wednesday, April 19, 2017 at 4:35 AM
> To: Firewalld users discussion list <firewalld-users(a)lists.fedorahosted.org>
> Subject: Re: Trusted zone not working
>
> I don't see any interfaces added to trusted, afaik firewalld requires an
> interface to be specified for a zone.
>
> For some reason my trusted host, a.b.249.25, (a.b represents my subnet) cannot
> access ssh. Is there some limit to the number of zones I can have?
>
> sh-4.2# firewall-cmd --zone=trusted --list-all
> trusted (active)
>   target: ACCEPT
>   icmp-block-inversion: no
>   interfaces:
>   sources: a.b.141.137 a.b.249.25 a.b.249.254 a.b.75.66
>   services:
>   ports:
>   protocols:
>   masquerade: no
>   forward-ports:
>   sourceports:
>   icmp-blocks:
>   rich rules:
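The point made in the reply at the top of this message, as an added example that is not part of the original thread or of firewalld's own code: the default zone is read from the `DefaultZone` key in firewalld.conf and is unrelated to which zones are currently active. The conf text is a constructed sample, the function names are hypothetical, and the active-zones text is the output quoted in the thread.

```shell
#!/bin/sh
# Constructed sample of /etc/firewalld/firewalld.conf (only the relevant key).
SAMPLE_CONF='# firewalld config file (constructed sample)
DefaultZone=public
'

# Active zones as quoted in the thread (a.b is the poster's placeholder).
SAMPLE_ACTIVE='work
  sources: a.b.75.64/27 a.b.111.0/24
internal
  sources: a.b.0.0/16
trusted
  interfaces: ens33
  sources: a.b.75.66 a.b.141.137 a.b.249.25 a.b.249.254
'

# Print the DefaultZone value from firewalld.conf text on stdin.
# Comment lines are skipped; this sketch takes the first assignment it finds.
conf_default_zone() {
    awk -F= '/^[ \t]*#/ {next}
             $1 ~ /^[ \t]*DefaultZone[ \t]*$/ {
                 v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }'
}

# Print zone names from `firewall-cmd --get-active-zones` output on stdin.
# Zone names are the unindented lines; their bindings are indented below.
active_zone_names() {
    awk '/^[^ \t]/ {print $1}'
}

# Report whether the configured default zone currently has any binding.
# $1 = firewalld.conf text, $2 = --get-active-zones output
default_zone_status() {
    dz=$(printf '%s\n' "$1" | conf_default_zone)
    [ -n "$dz" ] || { echo "unknown"; return 1; }
    if printf '%s\n' "$2" | active_zone_names | grep -qxF -- "$dz"; then
        echo "$dz active"
    else
        # Still the default: an interface with no zone binding would use it.
        echo "$dz inactive"
    fi
}

default_zone_status "$SAMPLE_CONF" "$SAMPLE_ACTIVE"
```

On a live host the two inputs would come from the real config file and from `firewall-cmd --get-active-zones`.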