On Nov 6, 2015 3:31 PM, "Nick Bright" <nick.bright at valnet.net> wrote:
>
> Greetings,
>
> One of my biggest frustrations with CentOS 7 has been firewalld.
>
> Essentially all of the documentation just flat doesn't work.
>
> One common thing that needs to be done is to change the zone of an interface, however I've tried:
>
> firewall-cmd --permanent --zone=internal --change-interface=ens192
> firewall-cmd --permanent --zone=internal --add-interface=ens192
>
> I've also tried setting in /etc/sysconfig/network-scripts/ifcfg-ens192:
>
> ZONE=internal
> ZONE="internal"
>
> No matter what, when firewalld starts, ens192 will be in the public zone.
>
> What am I doing wrong? Why does the documented command structure not work?
>
> --
> -----------------------------------------------
> - Nick Bright -

Firewalld does physical interfaces, NetworkManager has profiles on top of them. NM can specify a zone and communicate it to firewalld - which should work from your ifcfg edit - but the reverse currently doesn't happen.

Try with nmcli:

    nmcli con modify ens19p0 connection.zone internal

...btw, the insertion of the 'p' was deliberate, I've seen more device names of that form. Double-check your device name too.

--Pete
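Added example, not part of either message: a small check that compares the zone stored in the NetworkManager profile with the zone firewalld actually has the interface in, which is the pair of settings the reply above distinguishes. The function names and the NMCLI/FWCMD override variables are assumptions made for this sketch; the nmcli and firewall-cmd options used are standard ones.

```shell
#!/bin/sh
# Added example (not from the thread). NMCLI and FWCMD are overridable
# variables introduced here so the check can be exercised with stubs.
NMCLI=${NMCLI:-nmcli}
FWCMD=${FWCMD:-firewall-cmd}

# NetworkManager profile currently active on device $1 (empty if none).
nm_connection_for() {
    $NMCLI -t -f GENERAL.CONNECTION device show "$1" 2>/dev/null | cut -d: -f2-
}

# Zone stored in profile $1; empty means firewalld's default zone is used.
nm_zone_for() {
    $NMCLI -t -f connection.zone connection show "$1" 2>/dev/null | cut -d: -f2-
}

# Zone firewalld currently has interface $1 bound to.
fw_zone_for() {
    $FWCMD --get-zone-of-interface="$1" 2>/dev/null
}

# zone_audit IFACE WANTED_ZONE
# Prints one verdict line. Returns 0 when profile and firewalld both match,
# 1 on a mismatch, 2 when no NetworkManager profile owns the interface.
zone_audit() {
    iface=$1
    want=$2
    con=$(nm_connection_for "$iface")
    if [ -z "$con" ] || [ "$con" = "--" ]; then
        echo "UNMANAGED: $iface has no active NetworkManager profile"
        return 2
    fi
    nmz=$(nm_zone_for "$con")
    fwz=$(fw_zone_for "$iface") || fwz=""
    if [ "$nmz" != "$want" ]; then
        # The setting that persists lives in the profile, so check it first.
        echo "PROFILE_MISMATCH: profile '$con' has zone '${nmz:-<default>}', wanted '$want'"
        return 1
    fi
    if [ "$fwz" != "$want" ]; then
        echo "RUNTIME_MISMATCH: firewalld has $iface in '${fwz:-none}', wanted '$want'"
        return 1
    fi
    echo "OK: $iface is in '$want' (profile '$con')"
}
```

Run it as `zone_audit ens192 internal` after the nmcli change and again after a reboot; a PROFILE_MISMATCH means the zone was never written to the NetworkManager profile.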