Good day all,
I have been trying to manage the egress traffic with firewalld and haven't been successful.
I created a firewalld policy with the following
ingress zone: dmz
egress zone: drop
For the dmz zone the source IP address is assigned while the interface is assigned to drop.
My understanding is that the ingress zone affects traffic on the input chain, while the egress zone affects traffic on the output chain.
The policy shows active; however, traffic is still permitted in both directions.
Below are examples of the policy and zones respectively.
test (active)
priority: -1
target: DROP
ingress-zones: dmz
egress-zones: drop
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
dmz (active)
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces:
sources: 192.168.10.20
services:
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
drop (default, active)
target: DROP
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces: eno2
sources:
services:
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Am I missing something? Any guidance would be truly appreciated.
--
Kind Regards
Earl Ramirez
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
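The post above pairs an ordinary ingress zone (dmz) with an ordinary egress zone (drop). In firewalld's policy model a policy between two ordinary zones governs traffic the host forwards between them, not the host's own input or output; the special zone HOST is what selects the host itself (HOST as egress zone matches traffic to the host, HOST as ingress zone matches traffic originating from the host), and ANY stands for every zone. The script below is an added example written for this thread, not code from the original post or from the firewalld project. It classifies a policy's ingress/egress pair into the netfilter chain it actually governs, and builds a host-egress policy the way the firewall-cmd policy options express it. The policy name egress-filter and the service list are assumptions chosen for illustration; by default the script only prints the firewall-cmd commands (set FW_APPLY=1 to run them, as root, on a firewalld with policy support).

```shell
#!/bin/bash
# Added example for the firewalld egress question; not from the original post.
# Assumptions: firewalld with policy support (firewall-cmd --new-policy etc.),
# a hypothetical policy name "egress-filter", and an illustrative service list.
set -eu

# Map a policy's ingress/egress zone pair to the netfilter chain it governs.
#   ordinary -> ordinary : FORWARD (traffic routed between the two zones)
#   ordinary -> HOST     : INPUT   (traffic destined to the host)
#   HOST     -> ordinary : OUTPUT  (traffic originating from the host)
#   HOST     -> HOST     : not a valid policy
policy_chain() {
    local ingress=$1 egress=$2
    if [ "$ingress" = HOST ] && [ "$egress" = HOST ]; then
        echo INVALID
        return 1
    elif [ "$egress" = HOST ]; then
        echo INPUT
    elif [ "$ingress" = HOST ]; then
        echo OUTPUT
    else
        echo FORWARD
    fi
}

# Wrapper around firewall-cmd: dry-run (print the command) unless FW_APPLY=1,
# so the script can be read and exercised without root or a running firewalld.
fw() {
    if [ "${FW_APPLY:-1}" = 1 ] && [ "${FW_APPLY:-0}" = 1 ]; then
        firewall-cmd "$@"
    else
        echo "firewall-cmd $*"
    fi
}

# Build a policy that drops everything the host itself originates (ingress
# zone HOST, egress zone ANY, target DROP) except the services passed in.
# Emits one firewall-cmd invocation per line through fw.
build_egress_policy() {
    local name=$1
    shift
    fw --permanent --new-policy "$name"
    fw --permanent --policy "$name" --add-ingress-zone HOST
    fw --permanent --policy "$name" --add-egress-zone ANY
    fw --permanent --policy "$name" --set-target DROP
    local svc
    for svc in "$@"; do
        fw --permanent --policy "$name" --add-service "$svc"
    done
    fw --reload
}

# Show the classification of the policy from the post and a dry run of the
# egress policy when invoked as: ./egress-policy.sh demo
if [ "${1:-}" = demo ]; then
    echo "dmz -> drop governs: $(policy_chain dmz drop)"
    echo "HOST -> ANY governs: $(policy_chain HOST ANY)"
    build_egress_policy egress-filter dns https ntp
fi
```

After applying such a policy, confirm what it compiled to with `nft list ruleset` (or `firewall-cmd --info-policy egress-filter`) rather than trusting the "active" flag alone: a policy can be active yet match nothing if the host never forwards packets between its two zones, which is the case for a dmz source-zone paired with a drop interface-zone on a machine that only receives and sends its own traffic.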