Questions tagged [firewalld-zone]
25 questions
0 votes, 1 answer
Difficulty with Firewalld Blocking Traffic in Absence of IPTABLES Data
I have noticed that Firewalld is actively blocking incoming and outgoing connections, which is causing disruptions in my network communication. However, upon checking the system, I discovered that no explicit IPTABLES rules are set. This is puzzling…

UME
0 votes, 0 answers
exclude a subnet from a firewalld zone?
We have a, historically grown, rather complicated network layout, forcing me to build complex and hard-to-manage firewalld zones. One thing that would really help me is if there was a way to exclude one subnet from a zone, but I have not found a way…

Kevin Keane
0 votes, 1 answer
firewalld apply interface zone after ipset zone match
I have a firewalld setup with two zones.
One zone, some-ips-allowed, is used to permit traffic from specific IP networks on some ports:
some-ips-allowed (active)
target: default
icmp-block-inversion: no
interfaces:
sources:…

rubikonx9
0 votes, 0 answers
firewalld in RHEL9 - do I have to whitelist sources on public zone now?
We've just built our first webserver on RHEL9 (Alma Linux 9.1), being used to RHEL 7 (CentOS 7) mostly.
The firewalld config all seems the same, but when setting up our usual security setup of:
https (service) through the public zone, and then…
0 votes, 1 answer
Firewalld without interfaces on public zone
On my Oracle Cloud server, the public zone has no interfaces attached, neither does any of the other zones.
But still if I allow a port in the public zone, it does allow the traffic through.
So why is it not needed to add the adaptor (eth0 or…

Maestro
0 votes, 1 answer
firewall-cmd - adding 0.0.0.0/0 as a source in one zone blocks more specific access in another zone
I have two firewalld zones configured as follows:
zone: ssh-access
source: 1.2.3.4
ports: 9999/tcp
zone: other-access
source: 5.6.7.8
ports: 8888/tcp
We temporarily want to unrestrict access to the ssh-access zone on port 9999/tcp so we replace…

Chris
0 votes, 1 answer
How to add a new zone in firewalld without blocking `port=80/tcp` in `zone=public` in Ubuntu 20.04
I'm not too familiar with firewalld, but I thought I'd try it out on Ubuntu 20.04. The problem I'm having is that port=80/tcp in zone=public gets blocked every time I try to add a new zone.
So my question is: how do I add a new zone without it…

John
0 votes, 2 answers
Templating firewalld zones with ansible - issue with xml or vars
Templating firewalld zones with ansible - issue with xml manipulation
I am running into a small bit of confusion for the rule family.
What's in my CORRECTED vars file:
firewalld_zones:
- name: public
short: "Public"
description: "Public…

Wipiid
0 votes, 0 answers
firewalld allow ssh only from one predefined IP host or AS number net
I am using CentOS Linux release 7.9.2009 in minimal installation and firewalld.
[root@centosmin firewalld]# uname -a
Linux centosmin 3.10.0-1160.6.1.el7.x86_64 #1 SMP Tue Nov 17 13:59:11 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
There are similar…

Tito
0 votes, 0 answers
How to get an IP address blocked with firewall-cmd with immediate effect?
I am having a problem with dropping traffic using FirewallD.
I start a continuous ping from host1.example.com (192.0.2.101) to host2.example.com (192.0.2.102), and when I execute either of the below commands on host2:
firewall-cmd -q --permanent…

Sasha