firewalld --permanent not working after service reload

Question

I have a fedora firewall that has two interfaces. When I try to do firewall-cmd --permanent --zone=external --add-interface=eno1 and then reload firewalld with firewall-cmd --reload, the interface does not seem to be added. firewall-cmd --get-active-zones shows both eno1 and eno2 sitting in the public, which is the default, zone. There is a file in /etc/firewalld/zones/external.xml:

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>External</short>
  <description>For use on external networks. You do not trust the other computers on networks to not harm
 your computer. Only selected incoming connections are accepted.</description>
  <interface name="eno1"/>
  <service name="ssh"/>
  <masquerade/>
</zone>

score 0 · Accepted Answer · answered Aug 07 '15 at 15:44

Remember that if you are using NetworkManager (you almost certainly are) then the network configuration for each interface will override the firewalld configuration.

To set the firewall zone for an interface in this circumstance, be sure to add it to, e.g., /etc/sysconfig/network-scripts/ifcfg-eno1.

ZONE="external"

firewalld --permanent not working after service reload

1 Answers1

Linked