1:40 a.m.
I think the following is a "bug" even if it is just minor. This is on F32.
[root@meimei ~]# firewall-cmd --get-active-zone
libvirt
interfaces: virbr0
public
interfaces: wlp4s0 enp2s0
The following seems correct for enp2s0.
[egreshko@meimei ~]$ firewall-cmd --get-zone-of-interface=enp2s0
public
[root@meimei ~]# firewall-cmd --query-interface=enp2s0
yes
But then for virbr0
[root@meimei ~]# firewall-cmd --get-zone-of-interface=virbr0
libvirt
Seems fine, yet this is "no"
[root@meimei ~]# firewall-cmd --query-interface=virbr0
no
but
[root@meimei ~]# firewall-cmd --zone=libvirt --query-interface=virbr0
yes
To make matters more confusing to me.
[root@meimei ~]# firewall-cmd --list-interfaces
wlp4s0 enp2s0
Why isn't virbr0 listed when --get-active-zone shows that as an interface?
--
The key to getting good answers is to ask good questions.
12:53 p.m.
On Sun, May 17, 2020 at 02:40:45PM +0800, Ed Greshko wrote:
I think the following is a "bug" even if it is just
minor. This is on F32.
[root@meimei ~]# firewall-cmd --get-active-zone
libvirt
 interfaces: virbr0
public
 interfaces: wlp4s0 enp2s0
The following seems correct for enp2s0.
[egreshko@meimei ~]$ firewall-cmd --get-zone-of-interface=enp2s0
public
[root@meimei ~]# firewall-cmd --query-interface=enp2s0
yes
But then for virbr0
[root@meimei ~]# firewall-cmd --get-zone-of-interface=virbr0
libvirt
Seems fine, yet this is "no"
[root@meimei ~]# firewall-cmd --query-interface=virbr0
no
If --zone is not specified then the default zone is assumed. In your
case probably "FedoraWorkstation" or "public".
From the firewall-cmd(1) man page:
Options to Adapt and Query Zones
Options in this section affect only one particular zone. If
used with --zone=zone option, they affect the zone zone. If
the option is omitted, they affect default zone (see
--get-default-zone).
but
[root@meimei ~]# firewall-cmd --zone=libvirt --query-interface=virbr0
yes
To make matters more confusing to me.
[root@meimei ~]# firewall-cmd --list-interfaces
wlp4s0 enp2s0
Why isn't virbr0 listed when --get-active-zone shows that as an interface?
See above comment. Same reason.
5:11 p.m.
On 2020-05-18 01:53, Eric Garver wrote:
On Sun, May 17, 2020 at 02:40:45PM +0800, Ed Greshko wrote:
> I think the following is a "bug" even if it is just minor. This is on
F32.
>
> [root@meimei ~]# firewall-cmd --get-active-zone
> libvirt
> Â interfaces: virbr0
> public
> Â interfaces: wlp4s0 enp2s0
>
> The following seems correct for enp2s0.
>
> [egreshko@meimei ~]$ firewall-cmd --get-zone-of-interface=enp2s0
> public
>
> [root@meimei ~]# firewall-cmd --query-interface=enp2s0
> yes
>
> But then for virbr0
>
> [root@meimei ~]# firewall-cmd --get-zone-of-interface=virbr0
> libvirt
>
> Seems fine, yet this is "no"
>
> [root@meimei ~]# firewall-cmd --query-interface=virbr0
> no
If --zone is not specified then the default zone is assumed. In your
case probably "FedoraWorkstation" or "public".
From the firewall-cmd(1) man page:
Options to Adapt and Query Zones
Options in this section affect only one particular zone. If
used with --zone=zone option, they affect the zone zone. If
the option is omitted, they affect default zone (see
--get-default-zone).
Thanks. That is a long man page and I apparently missed it.
1433
days inactive
1433
days old
firewalld-users@lists.fedorahosted.org
2 comments
2 participants
participants (2)
-
Ed Greshko -
Eric Garver