On Tue, Apr 07, 2020 at 05:49:24AM -0000, Steven Moyse wrote:
From my reading and experiments it seems that I cannot block outgoing
traffic for a particular zone or device.
I ask because I would like to connect to a VPN, then allow only ssh and DNS traffic to
that VPN.
Other traffi
I can do this using the direct interface, but the rules apply globally not just to the
zone.
This command will create a rule that disables all outgoing connections despite seeming to
support the zone argument.
firewall-cmd --zone=myvpn --direct --add-rule ipv4 filter OUTPUT 1 -j DROP
The --zone argument is ignored. We should likely be throwing an error
here.
So if someone could please confirm that what I am asking is not
possible.
Confirmed. You must use a direct rule.
Work on native OUTPUT/FORWARD filtering is in progress. Hopefully it's
ready for the next feature release.
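The interface-scoped version of the direct-rule approach the reply points to, as an added example that is not part of this thread and not firewalld's own code: since `--zone` is ignored for direct rules, each rule is scoped with `-o <iface>` instead, so the final DROP only affects traffic leaving via the VPN interface rather than every interface the way the `OUTPUT 1 -j DROP` rule above does. The interface name `tun0` and the resolver address `10.8.0.1` are assumed values.

```shell
#!/bin/sh
# Added example (not from the thread): restrict outbound traffic on a VPN
# interface to SSH and DNS with firewalld direct rules. Direct rules are
# global, so scoping is done per interface with -o, not per zone.
VPN_IF="${VPN_IF:-tun0}"        # assumed VPN tunnel interface
VPN_DNS="${VPN_DNS:-10.8.0.1}"  # assumed DNS resolver reachable over the VPN
RUN="${RUN:-firewall-cmd}"      # set RUN=echo to preview instead of apply

# Emit one permanent direct rule in the OUTPUT chain. Lower priority
# numbers are evaluated first, so the catch-all DROP gets the highest one.
rule() {
    prio="$1"; shift
    "$RUN" --permanent --direct --add-rule ipv4 filter OUTPUT "$prio" \
        -o "$VPN_IF" "$@"
}

vpn_out_rules() {
    # Packets belonging to already-accepted connections keep flowing.
    rule 0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # DNS only to the VPN resolver, over UDP and TCP.
    rule 1 -p udp --dport 53 -d "$VPN_DNS" -j ACCEPT
    rule 1 -p tcp --dport 53 -d "$VPN_DNS" -j ACCEPT
    # SSH to any host across the tunnel.
    rule 2 -p tcp --dport 22 -j ACCEPT
    # Everything else leaving via the VPN interface is dropped; traffic on
    # other interfaces is untouched because of the -o match in rule().
    rule 9 -j DROP
    # Permanent direct rules become active after a reload.
    "$RUN" --reload
}

# Dry-run helper: number of --add-rule invocations that would be issued.
count_rules() {
    (RUN=echo; vpn_out_rules) | grep -c -e '--add-rule'
}

# Apply only when explicitly asked: ./vpn_out.sh apply
if [ "${1:-}" = "apply" ]; then
    vpn_out_rules
fi
```

Run with `RUN=echo` first to review the exact firewall-cmd invocations before applying them.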