Oh, I see, that's very useful to know. But if I do add a rule to iptables, then that should get translated into an nft rule? And should be honored? Because the rule I put in firewalld does show up as an nft rule, but doesn't block anything.

On Mon, 19 Jun 2023 10:20:02 -0400, Jonathan Billings wrote:

> On Jun 19, 2023, at 09:08, Amadeus WM via users <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>>
>> So after digging a bit more into this,
>>
>> firewall-cmd --get-active-zone
>> FedoraWorkstation
>>   interfaces: enp8s0
>> docker
>>   interfaces: docker0
>>
>> firewall-cmd --get-default-zone
>> FedoraWorkstation
>>
>>
>> firewall-cmd --permanent --add-rich-rule="rule family='ipv4' protocol value="tcp" destination address='aa.bb.0.0/16' reject"
>>
>> This shows in
>>
>> firewall-cmd --list-all # FedoraWorkstation (active)
>>
>> as well as in nft:
>>
>> nft list ruleset
>>
>> chain filter_IN_FedoraWorkstation_deny {
>>     ip daddr a.b.0.0/16 meta l4proto tcp reject with icmp port-unreachable
>> }
>>
>> but it doesn't show in iptables at all.
>>
>> So I suppose the rule got inserted properly, but why does it not do anything?
>
> If you are basing your conclusion from the output of iptables, you should know that iptables in Fedora is just another front end to nft, and it doesn’t show all the nft rulesets. It’s just there for backwards compatibility.
>
>
> --
> Jonathan Billings
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
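
Added example, not part of the thread or of firewalld's own tooling: a small Python parser for `nft list ruleset` output that reports which table and chain hold a given rule and whether the `iptables` front end would list that table. It assumes firewalld's nftables backend keeps its chains in `table inet firewalld` and that `iptables` lists only the `ip`-family tables named filter, nat, mangle, raw and security; the sample ruleset is constructed around the chain quoted in the thread, and `parse_ruleset`, `locate` and `IPTABLES_TABLES` are names made up here.

```python
import re

# Constructed sample of `nft list ruleset`; only the deny chain is from the thread.
SAMPLE = """\
table inet firewalld {
    chain filter_IN_FedoraWorkstation_deny {
        ip daddr a.b.0.0/16 meta l4proto tcp reject with icmp port-unreachable
    }
}
table ip filter {
    chain INPUT {
        type filter hook input priority filter; policy accept;
        tcp dport 23 counter packets 0 bytes 0 drop
    }
}
"""

# Assumption: iptables only addresses these table names, and only in family "ip".
IPTABLES_TABLES = {"filter", "nat", "mangle", "raw", "security"}

def parse_ruleset(text):
    """Return {(family, table): {chain: [lines]}} from `nft list ruleset` text."""
    tables, stack, table, chain = {}, [], None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"table (\S+) (\S+) \{$", line):
            table = tables.setdefault((m[1], m[2]), {})
            stack.append("table")
        elif m := re.match(r"chain (\S+) \{$", line):
            chain = table.setdefault(m[1], [])
            stack.append("chain")
        elif line.endswith("{"):
            stack.append("other")  # set, map or flowtable block: contents skipped
        elif line == "}" and stack:
            stack.pop()
        elif line and stack and stack[-1] == "chain":
            chain.append(line)
    return tables

def locate(tables, needle):
    """List (family, table, chain, shown_by_iptables) for lines containing needle."""
    return [(fam, name, chain, fam == "ip" and name in IPTABLES_TABLES)
            for (fam, name), chains in tables.items()
            for chain, rules in chains.items()
            if any(needle in rule for rule in rules)]

if __name__ == "__main__":
    print(locate(parse_ruleset(SAMPLE), "a.b.0.0/16"))
```

To check a live host, pass the text of `nft list ruleset` (run as root) to `parse_ruleset` instead of `SAMPLE`.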