Here is my firewalld configuration:
firewall-cmd --zone=abc --list-all
abc (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: eth0
sources:
services:
ports:
protocols:
masquerade: no
forward-ports: port=162:proto=udp:toport=9162:toaddr=
sourceports:
icmp-blocks:
rich rules:
rule family="ipv4" source NOT address="127.0.0.1" port port="2181" protocol="tcp" reject
rule family="ipv6" source NOT address="::1" port port="2181" protocol="tcp" reject
I have a standalone HBase with ZooKeeper listening on :::2181
netstat -tulnp | grep 2181
tcp6 0 0 :::2181 :::* LISTEN 3400/java
When I try to log in to the ZooKeeper shell using the IPv4 address, the connection is refused, whereas if I log in using the IPv6 address, the connection is accepted.
sudo /usr/lib/zookeeper/bin/zkCli.sh -server 1.2.3.4:2181 # connection refused
sudo /usr/lib/zookeeper/bin/zkCli.sh -server fe80::87:6cf2:fe35:1234:2181 # connection accepted
What is wrong with my firewalld configuration here? If I remove the rich rules, then both IPv4 and IPv6 connections are accepted. How is it that only one rule is being applied successfully?
I am new to systems configuration and I am guessing that I am basically doing the opposite of how a firewall should be used, that is, allowing only specific connections and blocking the rest. But since this is used in cloud environments, the outer firewall takes care of all the other connections. This is a special requirement.
Any help is appreciated.
TIA, Nikhil
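The following is an added example, not part of the question above and not firewalld's own code. It is a deliberately simplified model of how a firewalld zone evaluates rich rules of the exact form shown in the question (`source NOT address=... port ... reject`), so the two rules can be checked against concrete source addresses. The model assumes two things that are worth stating explicitly: a zone only sees packets that arrive on an interface bound to it (here only `eth0`), and when no rich rule matches, the zone's target decides. Run against the question's own rules, it shows that a non-loopback IPv6 source such as `fe80::87:6cf2:fe35:1234` is rejected just like `1.2.3.4`, so one diagnostic to pursue is whether the IPv6 connection actually arrives on `eth0` at all, or on an interface (such as `lo`) that belongs to a different zone.

```python
# Added example (not from the original post): a simplified model of how a
# firewalld zone evaluates rich rules of the form used in the question.
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Union

# Matches the 'rich rules:' lines exactly as 'firewall-cmd --list-all' prints them.
RICH_RULE_RE = re.compile(
    r'^rule family="(?P<family>ipv4|ipv6)"'
    r' source (?P<neg>NOT )?address="(?P<addr>[^"]+)"'
    r' port port="(?P<port>\d+)" protocol="(?P<proto>tcp|udp)"'
    r' (?P<action>accept|reject|drop)$'
)


@dataclass
class RichRule:
    family: str
    negate: bool  # True when the rule says 'source NOT address'
    address: Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
    port: int
    proto: str
    action: str


@dataclass
class Zone:
    interfaces: set
    target: str  # only explicit targets such as ACCEPT/REJECT/DROP are modelled
    rich_rules: List[RichRule]


def parse_rich_rule(line: str) -> RichRule:
    """Parse one rich rule line of the shape used in the question."""
    m = RICH_RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rich rule: {line!r}")
    return RichRule(
        family=m["family"],
        negate=m["neg"] is not None,
        address=ipaddress.ip_network(m["addr"], strict=False),  # host or CIDR
        port=int(m["port"]),
        proto=m["proto"],
        action=m["action"],
    )


def evaluate(zone: Zone, ingress_iface: str, src: str, dport: int, proto: str) -> str:
    """Return 'accept', 'reject', 'drop', or 'not-in-zone'.

    Assumptions of this model: a zone only sees packets arriving on an
    interface bound to it; the first matching rich rule wins; if nothing
    matches, the zone target decides.
    """
    if ingress_iface not in zone.interfaces:
        return "not-in-zone"
    ip = ipaddress.ip_address(src)
    family = "ipv4" if ip.version == 4 else "ipv6"
    for rule in zone.rich_rules:
        if rule.family != family:
            continue
        # 'source address=X' matches when ip is in X; 'NOT' inverts that.
        if (ip in rule.address) == rule.negate:
            continue
        if rule.port != dport or rule.proto != proto:
            continue
        return rule.action
    return zone.target.lower()


# Zone 'abc' as shown in the question: interface, target and the two rich rules.
ZONE_ABC = Zone(
    interfaces={"eth0"},
    target="ACCEPT",
    rich_rules=[
        parse_rich_rule('rule family="ipv4" source NOT address="127.0.0.1" '
                        'port port="2181" protocol="tcp" reject'),
        parse_rich_rule('rule family="ipv6" source NOT address="::1" '
                        'port port="2181" protocol="tcp" reject'),
    ],
)

if __name__ == "__main__":
    # Source addresses taken from the question; 'lo' is a constructed case.
    for iface, src in [("eth0", "1.2.3.4"), ("eth0", "127.0.0.1"),
                       ("eth0", "fe80::87:6cf2:fe35:1234"), ("eth0", "::1"),
                       ("lo", "fe80::87:6cf2:fe35:1234")]:
        print(f"{iface:4} {src:26} -> {evaluate(ZONE_ABC, iface, src, 2181, 'tcp')}")
```

The model treats a `NOT` rule as "match every source except the listed one", which is what both rules in the question express; anything that is not loopback and targets 2181/tcp on `eth0` ends in `reject` for either family, and only traffic that never enters zone `abc` escapes the rules.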