Hello,
In the end, my approach was not compliant with the firewalld implementation.
I understood that after reading the reply at
https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedora...
One good approach to implement a setup based on services is:
- zones define network (through sources or ifaces)
- policies manage flow behaviour with the services
Now the setup is like this:
There is one zone per network, with an ipset associated with it.
There is one policy per service with:
- service = <concerned service>
- ingress zone = <concerned zone>
- egress zone = HOST
- target = CONTINUE
Hope that helps.
Many Thanks.
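
The layout described in this message, written out as firewall-cmd calls. This is an added example, not part of the original post: the zone name mgmt, the ipset name mgmt-nets, the address ranges, the chosen services and the helper function names are all constructed for illustration. By default it only prints the commands (DRY_RUN=1).

```shell
#!/bin/sh
# Added example: one zone per network (sourced from an ipset),
# one policy per service (ingress = that zone, egress = HOST, target CONTINUE).
# All names and address ranges below are constructed sample values.

# Run a firewall-cmd call, or only print it when DRY_RUN=1 (the default).
fw() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "firewall-cmd $*"
    else
        firewall-cmd "$@"
    fi
}

# Zone defines the network: its source is an ipset holding the prefixes.
define_network_zone() {    # usage: define_network_zone ZONE IPSET CIDR...
    zone=$1; ipset=$2; shift 2
    fw --permanent --new-ipset="$ipset" --type=hash:net
    for cidr in "$@"; do
        fw --permanent --ipset="$ipset" --add-entry="$cidr"
    done
    fw --permanent --new-zone="$zone"
    fw --permanent --zone="$zone" --add-source="ipset:$ipset"
}

# Policy manages the flow: one service, from one zone, to the host itself.
define_service_policy() {  # usage: define_service_policy SERVICE ZONE
    service=$1; zone=$2
    policy="${zone}-${service}"
    fw --permanent --new-policy="$policy"
    fw --permanent --policy="$policy" --add-ingress-zone="$zone"
    fw --permanent --policy="$policy" --add-egress-zone=HOST
    fw --permanent --policy="$policy" --set-target=CONTINUE
    fw --permanent --policy="$policy" --add-service="$service"
}

build_example() {
    define_network_zone mgmt mgmt-nets 192.0.2.0/24 198.51.100.0/24
    define_service_policy ssh mgmt
    define_service_policy https mgmt
    fw --reload
}

build_example
```

Setting DRY_RUN=0 applies the commands instead of printing them; `firewall-cmd --info-policy=mgmt-ssh` then shows the resulting ingress zone, egress zone, target and service.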