On 11/6/2015 1:31 PM, Nick Bright wrote:
One of my biggest frustrations with CentOS 7 has been firewalld.
Essentially all of the documentation just flat doesn't work.
One common thing that needs to be done is to change the zone of an interface; however, I've tried:
firewall-cmd --permanent --zone=internal --change-interface=ens192
firewall-cmd --permanent --zone=internal --add-interface=ens192
I've also tried setting in /etc/sysconfig/network-scripts/ifcfg-ens192:
ZONE=internal
ZONE="internal"
No matter what, when firewalld starts, ens192 will be in the public zone.
What am I doing wrong? Why does the documented command structure not work?
I haven't messed with firewalld yet, so the following is purely conjecture...
Does
firewall-cmd --get-zones
list this "internal" zone? If not, you may need to create it first,
firewall-cmd --permanent --new-zone=internal
firewall-cmd --reload
THEN assign your interface to it,
firewall-cmd --permanent --zone=internal --change-interface=ens192
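
Added example, not part of the original thread: the sequence suggested above as an idempotent script that also checks the result, since --permanent only edits the stored configuration and the runtime binding follows at --reload. The function names and the FWCMD override variable are hypothetical; the firewall-cmd options are the ones used in the thread plus --get-zone-of-interface.

```shell
#!/bin/sh
# Bind an interface to a firewalld zone, creating the zone only if it is
# missing, then confirm the permanent and runtime configuration agree.

# FWCMD (hypothetical) lets a wrapper or test double replace firewall-cmd.
fw() { "${FWCMD:-firewall-cmd}" "$@"; }

# zone_exists ZONE: succeed if ZONE is in the permanent zone list.
zone_exists() {
    for z in $(fw --permanent --get-zones); do
        [ "$z" = "$1" ] && return 0
    done
    return 1
}

# bind_iface ZONE IFACE: returns 0 on success, 1 if a command failed,
# 2 if the interface is not in ZONE after the reload.
bind_iface() {
    zone=$1
    iface=$2
    if ! zone_exists "$zone"; then
        fw --permanent --new-zone="$zone" || return 1
        fw --reload || return 1          # new zone must be loaded first
    fi
    fw --permanent --zone="$zone" --change-interface="$iface" || return 1
    fw --reload || return 1              # push permanent config to runtime
    perm=$(fw --permanent --get-zone-of-interface="$iface")
    run=$(fw --get-zone-of-interface="$iface")
    if [ "$perm" != "$zone" ] || [ "$run" != "$zone" ]; then
        echo "mismatch: permanent=$perm runtime=$run wanted=$zone" >&2
        return 2
    fi
    echo "$iface is in zone $zone (permanent and runtime)"
}

# Run as: sh bind-zone.sh internal ens192
if [ "$#" -eq 2 ]; then
    bind_iface "$1" "$2"
fi
```

A return code of 2 means the stored and live configuration disagree after the reload, which is the symptom described in the original question.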