[CentOS] firewalld being stupid
Pete Travis
lists at petetravis.com
Fri Nov 6 21:49:10 UTC 2015
On Nov 6, 2015 3:31 PM, "Nick Bright" <nick.bright at valnet.net> wrote:
>
> Greetings,
>
> One of my biggest frustrations with CentOS 7 has been firewalld.
>
> Essentially all of the documentation just flat doesn't work.
>
> One common thing that needs to be done is to change the zone of an
> interface, however I've tried:
>
> firewall-cmd --permanent --zone=internal --change-interface=ens192
> firewall-cmd --permanent --zone=internal --add-interface=ens192
>
> I've also tried setting in /etc/sysconfig/network-scripts/ifcfg-ens192:
>
> ZONE=internal
> ZONE="internal"
>
> No matter what, when firewalld starts, ens192 will be in the public zone.
>
> What am I doing wrong? Why does the documented command structure not work?
>
> --
> -----------------------------------------------
> - Nick Bright -

Firewalld does physical interfaces; NetworkManager has profiles on top of
them. NM can specify a zone and communicate it to firewalld - which should
work from your ifcfg edit - but the reverse currently doesn't happen. Try
with nmcli:

    nmcli con modify ens19p0 connection.zone internal

...btw, the insertion of the 'p' was deliberate, I've seen more device
names of that form. Double-check your device name too.
--Pete
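
A way to confirm whether the zone set in an ifcfg file is the one firewalld actually applies to the interface. This is an added example, not part of the original thread. The function names are hypothetical and the sample data is constructed. It assumes the usual `firewall-cmd --get-active-zones` layout of a zone name followed by an indented `interfaces:` line.

```bash
#!/bin/sh
# Added example: compare the ZONE= value in an ifcfg file with the zone
# firewalld reports for the interface. Function names are hypothetical.

# Print the ZONE= value from ifcfg file $1 (last assignment wins, quotes stripped).
ifcfg_zone() {
    sed -n 's/^[[:space:]]*ZONE=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Read `firewall-cmd --get-active-zones` output on stdin and print the zone
# that lists interface $1. Prints nothing if the interface is not listed.
active_zone_of() {
    awk -v ifc="$1" '
        /^[^ \t]/ { zone = $1; next }        # unindented line = zone name
        $1 == "interfaces:" {
            for (i = 2; i <= NF; i++) if ($i == ifc) print zone
        }'
}

# check_zone IFACE IFCFG_FILE, with active-zones text on stdin.
# Returns 0 on match, 1 on mismatch, 2 if the file sets no zone.
check_zone() {
    want=$(ifcfg_zone "$2")
    have=$(active_zone_of "$1")
    if [ -z "$want" ]; then
        echo "$1: no ZONE= in $2, firewalld default zone applies"
        return 2
    fi
    if [ "$want" = "$have" ]; then
        echo "$1: OK, zone is $have"
        return 0
    fi
    echo "$1: MISMATCH, configured=$want active=${have:-none}"
    return 1
}

# Constructed sample reproducing the symptom in the thread:
# the ifcfg file asks for internal, firewalld reports public.
sample_ifcfg=$(mktemp)
printf 'DEVICE=ens192\nONBOOT=yes\nZONE="internal"\n' > "$sample_ifcfg"
printf 'public\n  interfaces: ens192\n' | check_zone ens192 "$sample_ifcfg" || true
rm -f "$sample_ifcfg"

# On a live host:
#   firewall-cmd --get-active-zones | \
#       check_zone ens192 /etc/sysconfig/network-scripts/ifcfg-ens192
```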