Is there any way to order rich rules in firewalld? If I remove all rules and add them back in, firewalld seems to put them in whatever order it feels like.
Alternatively, how can I change the default policy of a firewalld zone? At the moment I don't see any way to have a zone accept traffic by default other than adding a rich rule allowing 0.0.0.0/0.
On Fri, August 26, 2016 11:21 am, Jeff White wrote:
> Is there any way to order rich rules in firewalld?

Requesting any features should go to either Red Hat, as CentOS, crudely stated, is a "binary replica" of Red Hat Enterprise Linux, or to the open source firewalld project:
I hope this helps.
Valeri
> If I remove all rules and add them back in, firewalld seems to put them in whatever order it feels like.
> Alternatively, how can I change the default policy of a firewalld zone? At the moment I don't see any way to have a zone accept traffic by default other than adding a rich rule allowing 0.0.0.0/0.
> -- Jeff White HPC Systems Engineer Information Technology Services - WSU
> CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
How about http://www.firewalld.org/documentation -> firewall.direct(5) https://twoerner.fedorapeople.org/firewalld/doc/firewalld.direct.html

priority="priority"
    The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following.
Sounds like the way to force the order.
Dan White | d_e_white@icloud.com ------------------------------------------------ “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” (Bill Waterson: Calvin & Hobbes)
On Aug 26, 2016, at 12:21 PM, Jeff White <jeff.white@wsu.edu> wrote:
> Is there any way to order rich rules in firewalld? If I remove all rules and add them back in, firewalld seems to put them in whatever order it feels like.
> Alternatively, how can I change the default policy of a firewalld zone? At the moment I don't see any way to have a zone accept traffic by default other than adding a rich rule allowing 0.0.0.0/0.
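An added example, not part of the original thread and not firewalld's own code: a check over a `direct.xml` file in the firewalld.direct(5) format that flags rules sharing a chain and priority, which the documentation quoted above says have no fixed order, and then renumbers them. The sample rules, addresses and helper names are constructed for illustration, and treating file order as the intended order is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the direct.xml format of firewalld.direct(5).
SAMPLE = """<direct>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-s 192.0.2.10 -p tcp --dport 22 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-s 192.0.2.0/24 -j DROP</rule>
  <rule ipv="ipv6" table="filter" chain="INPUT" priority="1">-s 2001:db8::/32 -j DROP</rule>
</direct>"""

def load_rules(xml_text):
    """Parse <rule> elements; a stable sort keeps file order among equal priorities."""
    rules = [{"chain": (el.get("ipv"), el.get("table"), el.get("chain")),
              "priority": int(el.get("priority")),
              "args": (el.text or "").split()}
             for el in ET.fromstring(xml_text).iter("rule")]
    return sorted(rules, key=lambda r: (r["chain"], r["priority"]))

def target(rule):
    """Return the -j target of a rule, or None if it has none."""
    args = rule["args"]
    return args[args.index("-j") + 1] if "-j" in args[:-1] else None

def ambiguous_groups(rules):
    """Rules sharing chain and priority but differing in target: the verdict
    can depend on an order that is not fixed (heuristic, ignores match overlap)."""
    groups = defaultdict(list)
    for r in rules:
        groups[(r["chain"], r["priority"])].append(r)
    return {k: g for k, g in groups.items()
            if len({target(r) for r in g}) > 1}

def renumber(rules):
    """Give each rule in a chain its own priority, in the listed order."""
    counters, out = defaultdict(int), []
    for r in rules:
        out.append(dict(r, priority=counters[r["chain"]]))
        counters[r["chain"]] += 1
    return out

if __name__ == "__main__":
    rules = load_rules(SAMPLE)
    for (chain, prio), group in ambiguous_groups(rules).items():
        print("order not fixed:", chain, prio, [" ".join(r["args"]) for r in group])
    for r in renumber(rules):
        print(r["chain"], r["priority"], " ".join(r["args"]))
```

In the sample, the SSH accept for 192.0.2.10 and the drop for 192.0.2.0/24 share priority 1, so whether that host gets through depends on an order that is not guaranteed; after renumbering, the accept sits at priority 1 and the drop at priority 2.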
On Aug 26, 2016, at 13:25, Dan White <d_e_white@icloud.com> wrote:
> How about http://www.firewalld.org/documentation -> firewall.direct(5) https://twoerner.fedorapeople.org/firewalld/doc/firewalld.direct.html
> priority="priority" The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following.
> Sounds like the way to force the order.
I believe the priority feature is introduced in a version later than what is in CentOS 7. However, I believe the 7.3 update (in beta now for RHEL) has a version that supports priority.
-- Jonathan Billings
I'm on CentOS Linux release 7.2.1511 (Core) and firewalld 0.3.9 and it works, has been for a few months, perfectly fine.
On 26/08/16 23:46, Jonathan Billings wrote:
> I believe the priority feature is introduced in a version later than what is in CentOS 7. However, I believe the 7.3 update (in beta now for RHEL) has a version that supports priority.