On 12/19/2017 3:55 PM, Emmett Culley wrote:
That was the clue I needed.
I'm fighting a firewalld mystery myself, mostly a result of not really understanding the philosophy of the thing and trying to sleuth it out by black-boxing it. But fortunately this is open source, so I'm also grepping the firewalld sources to figure out where these mysteries are coming from:
https://github.com/firewalld/firewalld
firewalld creates a lot of iptables/netfilter rules, which makes it hard to follow what's going on. I may cobble together a netfilter visualization tool that will take iptables-save and convert it into a graph in GraphViz dot file format to try to figure out what's going on. I found a Python program that seems like a partial attempt to create this, but it seems incomplete. The dot files lack connections between the chains so I just get a bunch of floating bubbles with chain names. The program assumes that uppercase chain names are terminal nodes, and firewalld loves to create chains with uppercase names.
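The iptables-save to GraphViz converter sketched above, as an added example that is not code from this thread or from firewalld: it treats every chain the dump declares with `:NAME` as a chain node regardless of case, so only real targets such as ACCEPT or DROP become terminal nodes, and `-j` and `-g` rules become the edges between chains. The iptables-save text embedded in it is a constructed sample, not a real firewalld dump.

```python
import shlex
from collections import defaultdict

# Constructed sample in iptables-save format (not real firewalld output).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:INPUT_ZONES - [0:0]
:IN_public - [0:0]
:IN_public_allow - [0:0]
-A INPUT -j INPUT_ZONES
-A INPUT_ZONES -i eth0 -g IN_public
-A IN_public -j IN_public_allow
-A IN_public_allow -p tcp -m tcp --dport 22 -j ACCEPT
-A IN_public -j DROP
COMMIT
"""

def parse_iptables_save(text):
    # {table: {"chains": set, "edges": [(src, dst, verb)]}}; a chain is anything declared with ':NAME'.
    tables, table = defaultdict(lambda: {"chains": set(), "edges": []}), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] == "#" or line == "COMMIT": continue
        if line[0] == "*":
            table = line[1:]
        elif line[0] == ":":
            tables[table]["chains"].add(line[1:].split()[0])
        elif line.startswith("-A "):
            tok = shlex.split(line)  # keeps a quoted --comment "-j x" as one token
            for i, t in enumerate(tok):
                if t in ("-j", "--jump", "-g", "--goto") and i + 1 < len(tok):
                    tables[table]["edges"].append((tok[1], tok[i + 1], t))
    return dict(tables)

def terminal_targets(info):
    # Targets that are not chains in this table (ACCEPT, DROP, REJECT, ...), whatever their case.
    return {dst for _, dst, _ in info["edges"]} - info["chains"]

def to_dot(tables):
    out = ["digraph netfilter {", "  rankdir=LR;"]
    for name, info in tables.items():
        out.append(f'  subgraph "cluster_{name}" {{ label="{name}";')
        for n in sorted(info["chains"] | terminal_targets(info)):
            shape = "box" if n in info["chains"] else "ellipse"
            out.append(f'    "{name}/{n}" [label="{n}" shape={shape}];')
        for src, dst, verb in info["edges"]:
            style = ' [label="goto" style=dashed]' if verb in ("-g", "--goto") else ""
            out.append(f'    "{name}/{src}" -> "{name}/{dst}"{style};')
        out.append("  }")
    return "\n".join(out + ["}"])
```

Feed it the output of `iptables-save` on a real host and pipe `to_dot(...)` into `dot -Tsvg` to get the chain graph with the jumps drawn in.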