Hi,
I asked this earlier on the CentOS ML and got the pointer to ask here.
Firewalld-0.9.3-7 on EL8.5
I have some ansible roles which each create some firewalld rich-rules.
For ansible idempotency I tried to remove any dns related rich-rules
before creating new ones in the dns playbook. After some searching I
came up with this:
#!/bin/bash
OLDIFS=$IFS
IFS=''
while read -r line; do firewall-cmd --zone=public --permanent
--remove-rich-rule=\'$line\'; done <<< $(firewall-cmd --zone=public
--list-rich-rules | egrep 'dns|53')
IFS=$OLDIFS
But this fails with for example:
Error: INVALID_RULE: internal error in _lexer(): rule family="ipv4"
source NOT address="46.23.XX.0/24" forward-port port="53"
protocol="udp"
to-port="60053" to-addr="46.23.XX.53"
Using the line from the error prepended with firewall-cmd --zone=public
--permanent --remove-rich-rule= works fine. My googling & variations
came up empty. Anyone know why this is failing and could possibly share
how to make this work?
Thanks!
Best,
Patrick
Show replies by date