
We've just built our first web server on RHEL 9 (AlmaLinux 9.1), having mostly been used to RHEL 7 (CentOS 7).

The firewalld config all seems the same, but we ran into a problem setting up our usual security setup of:

https (service) through the public zone, and then adding more sensitive remote services (ssh, mysql, cockpit) through the work zone, with a whitelist of sources.

This setup, as we normally have it on RHEL 7, wouldn't allow any https traffic through the public zone unless a source was explicitly whitelisted.

As a short-term fix, I've added 0.0.0.0/0 as a source to the public zone, but that's not IPv6 compatible, and I can't see anything in the firewalld documentation for RHEL 9 that implies this is necessary. I was under the assumption that the public zone was set to all sources until you start whitelisting them.

Can anyone either confirm that firewalld is now specifically requiring this kind of explicit opening of sources, or point out something else I might have missed?

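The zone layout described in the question, written out as firewall-cmd calls together with a check over `firewall-cmd --zone=X --list-all` output that tells an interface-bound public zone apart from one that has been turned into a source-matched zone by the 0.0.0.0/0 workaround. This is an added example, not code from the original post; the interface name eth0, the whitelist addresses and the sample `--list-all` text are placeholders constructed for the example.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. IFACE and WORK_SOURCES are
# assumed placeholder values; replace them with the real interface and whitelist.
set -eu

IFACE="${IFACE:-eth0}"
WORK_SOURCES="203.0.113.0/24 2001:db8:1::/48"   # assumed whitelist (IPv4 + IPv6)
WORK_SERVICES="ssh mysql cockpit"

# Zone layout from the question: public is bound to the interface and carries
# https only; work is matched by source address and carries the sensitive
# services. No source is ever added to public.
apply_zones() {
    firewall-cmd --permanent --zone=public --change-interface="$IFACE"
    firewall-cmd --permanent --zone=public --add-service=https
    for src in $WORK_SOURCES; do
        firewall-cmd --permanent --zone=work --add-source="$src"
    done
    for svc in $WORK_SERVICES; do
        firewall-cmd --permanent --zone=work --add-service="$svc"
    done
    firewall-cmd --reload
}

# zone_field FIELD TEXT: pull one single-word field (interfaces, sources,
# services, target, ...) out of `firewall-cmd --zone=X --list-all` output.
zone_field() {
    printf '%s\n' "$2" | awk -v f="$1:" '$1 == f { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# zone_has_service SERVICE TEXT: true if SERVICE is in the zone's services line.
zone_has_service() {
    for s in $(zone_field services "$2"); do
        [ "$s" = "$1" ] && return 0
    done
    return 1
}

# Public must be interface-bound, carry https, and have an empty sources line.
# A source such as 0.0.0.0/0 makes it an address-matched zone (IPv4 only).
check_public_zone() {
    [ -n "$(zone_field interfaces "$1")" ] &&
    [ -z "$(zone_field sources "$1")" ] &&
    zone_has_service https "$1"
}

# Work must be source-bound (no interface) and carry every sensitive service.
check_work_zone() {
    [ -z "$(zone_field interfaces "$1")" ] || return 1
    [ -n "$(zone_field sources "$1")" ] || return 1
    for svc in $WORK_SERVICES; do
        zone_has_service "$svc" "$1" || return 1
    done
}

# Constructed --list-all output (not captured from a real host), trimmed to the
# lines the checks read. First: the intended public zone.
SAMPLE_PUBLIC_OK=$(cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  sources:
  services: dhcpv6-client https
  ports:
EOF
)
# Public zone after the 0.0.0.0/0 workaround from the question.
SAMPLE_PUBLIC_WORKAROUND=$(cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  sources: 0.0.0.0/0
  services: dhcpv6-client https
  ports:
EOF
)
# Source-bound work zone with the whitelist and the sensitive services.
SAMPLE_WORK=$(cat <<'EOF'
work (active)
  target: default
  interfaces:
  sources: 203.0.113.0/24 2001:db8:1::/48
  services: cockpit dhcpv6-client mysql ssh
  ports:
EOF
)

# Live run, only where firewall-cmd exists; APPLY=1 also applies the zones.
if command -v firewall-cmd >/dev/null 2>&1; then
    [ "${APPLY:-0}" = 1 ] && apply_zones
    firewall-cmd --get-default-zone
    firewall-cmd --get-active-zones
    check_public_zone "$(firewall-cmd --zone=public --list-all)" && echo "public: interface-bound, https, no sources"
    check_work_zone "$(firewall-cmd --zone=work --list-all)" && echo "work: source-bound with $WORK_SERVICES"
fi
```

The first thing worth looking at on the RHEL 9 box is `firewall-cmd --get-active-zones`: public only ever sees a packet if the interface is actually listed under it (either via `--change-interface` or the connection's zone setting in NetworkManager), so a public zone with no interface and no sources matches nothing. Note also that firewalld sources are per address family, which is why a 0.0.0.0/0 source covers IPv4 only; ::/0 would be the IPv6 counterpart of that workaround.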