Re: firewalld being stupid




On 11/6/2015 3:58 PM, James Hogarth wrote:
> I have a couple of relevant articles you may be interested in ...
>
> On assigning the zone via NM:
> https://www.hogarthuk.com/?q=node/8
>
> Look down to the "Specifying a particular firewall zone" bit ...
> remember that if you edit the files rather than using nmcli you must
> reload NM (or do nmcli reload) for that to take effect.
>
> If you specify a zone in NM then this will override the firewalld
> configuration if the zone is specified there.
>
> Here's some firewalld stuff:
> https://www.hogarthuk.com/?q=node/9
>
> Don't forget that if you use --permanent on a command you need to do a
> reload for it to read the config from disk and apply it.

Thanks for the articles, they're informative.

Here's what's really irritating me though.

firewall-cmd --zone=internal --change-interface=ens224 --permanent

^^ This command results in NO ACTION TAKEN. The zone IS NOT CHANGED.

firewall-cmd --zone=internal --change-interface=ens224

This command results in the zone of ens224 being changed to internal, as desired. Of course, this is not permanent.

As such, firewall-cmd --reload (or a reboot, etc.) will revert to the public zone. To save the change, one must execute firewall-cmd --runtime-to-permanent.

This is very frustrating, and not obvious. If --permanent doesn't work for a command, then it should give an error - not silently fail without doing anything!

--
-----------------------------------------------
-  Nick Bright                                -
-  Vice President of Technology               -
-  Valnet -=- We Connect You -=-              -
-  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
-  Web http://www.valnet.net/                 -
-----------------------------------------------
- Are your files safe?                        -
- Valnet Vault - Secure Cloud Backup          -
- More information & 30 day free trial at     -
- http://www.valnet.net/services/valnet-vault -
-----------------------------------------------


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
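
The runtime versus permanent split discussed in this message can be checked mechanically, so an interface sitting in a zone that will not survive a reload is noticed before the reload happens. The script below is an added example, not part of the original thread; the function names and the `FWCMD` override are hypothetical, and it assumes an interface missing from the permanent configuration falls back to the default zone.

```shell
#!/bin/sh
# Added example (not from the thread): flag interfaces whose runtime zone is
# not the zone that "firewall-cmd --reload" or a reboot would restore.
# FWCMD is a hypothetical override so the logic can be run against a stub.
FWCMD=${FWCMD:-firewall-cmd}

# Print the zone of interface $1; extra arguments (e.g. --permanent) select
# the configuration. Prints "none" when the interface is bound to no zone.
zone_of() {
    _if=$1; shift
    _z=$($FWCMD "$@" --get-zone-of-interface="$_if" 2>/dev/null) || _z=
    case $_z in
        ""|"no zone") echo none ;;
        *) echo "$_z" ;;
    esac
}

# Print one report line for interface $1. Returns 0 when a reload would
# change nothing, 1 when runtime and on-disk configuration disagree.
zone_drift() {
    dev=$1
    runtime=$(zone_of "$dev")
    saved=$(zone_of "$dev" --permanent)
    # Assumption: an interface absent from the permanent config lands in the
    # default zone. If NetworkManager sets a zone for the connection, that
    # value applies instead, as the quoted message points out.
    if [ "$saved" = none ]; then
        saved=$($FWCMD --get-default-zone 2>/dev/null) || saved=unknown
    fi
    if [ "$runtime" = "$saved" ]; then
        echo "$dev OK zone=$runtime"
    else
        echo "$dev DRIFT runtime=$runtime after-reload=$saved"
        return 1
    fi
}

# Check every interface named on the command line; non-zero if any drifted.
audit_zones() {
    rc=0
    for i in "$@"; do
        zone_drift "$i" || rc=1
    done
    return $rc
}

# Usage: pass interface names as arguments, e.g. ens224
if [ "$#" -gt 0 ]; then audit_zones "$@"; fi
```

A `DRIFT` line means the running zone assignment exists only in memory; it has to be saved (for example with `firewall-cmd --runtime-to-permanent`, as described above) or set in NetworkManager before it can be relied on.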


