[CentOS] Firewalld

Mon Oct 12 15:45:50 UTC 2015
Paul Heinlein <heinlein at madboa.com>

On Mon, 12 Oct 2015, Ian Mortimer wrote:

> On Sun, 2015-10-11 at 15:00 -0700, Emmett Culley wrote:
>> I assume there must be a different set of configuration files that 
>> are accessed upon reboot than those accessed upon firewalld 
>> restart.
> The saved rules are under /etc/firewalld/zones.  The rules for the 
> default zone should be the ones loaded.  The default zone is defined 
> in /etc/firewalld/firewalld.conf.

It may be worth noting that most firewalld changes require two 
invocations of firewall-cmd, one with "--permanent" and one without:

# this makes an immediate change that will not last past next
# reboot or service restart
firewall-cmd --zone="public" --set-target="ACCEPT"

# this makes no immediate change, but it will take effect at
# next reboot or service restart
firewall-cmd --zone="public" --set-target="ACCEPT" --permanent

Paul Heinlein
heinlein at madboa.com
45°38' N, 122°6' W
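
Added example (not part of the original message or of firewalld itself): a small checker that compares saved `firewall-cmd --list-all` output for the runtime and permanent configuration of one zone and reports settings present in only one of them. The function names, file names and sample output are constructed for illustration, and the two-space indentation of setting lines is an assumption about firewall-cmd's output format.

```shell
# Added example: report drift between firewalld's runtime and permanent
# configuration, from saved --list-all output for one zone:
#   firewall-cmd --zone=public --list-all             > runtime.txt
#   firewall-cmd --permanent --zone=public --list-all > permanent.txt
# fw_drift RUNTIME_FILE PERMANENT_FILE: prints differing keys, returns 1 on drift.
fw_drift() {
    awk '
        function store(k, v) {
            if (k == "interfaces") return   # often runtime-only bindings
            if (!(k in seen)) { seen[k] = 1; order[++n] = k }
            if (nfile == 1) rt[k] = rt[k] (rt[k] != "" && v != "" ? "; " : "") v
            else            pm[k] = pm[k] (pm[k] != "" && v != "" ? "; " : "") v
        }
        FNR == 1 { cur = ""; nfile++ }
        # Settings are indented two spaces ("  services: ssh"); the unindented
        # zone header ("public (active)" vs "public") never matches.
        /^  [a-z][a-z -]*:/ {
            cur = $0; sub(/^  /, "", cur); sub(/:.*/, "", cur)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            store(cur, val); next
        }
        # Deeper-indented lines (rich rule entries) continue the previous key.
        cur != "" && /^[ \t]+[^ \t]/ {
            val = $0; sub(/^[ \t]+/, "", val); store(cur, val)
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (rt[k] != pm[k]) {
                    printf "%s: runtime=[%s] permanent=[%s]\n", k, rt[k], pm[k]
                    drift = 1
                }
            }
            exit drift + 0
        }
    ' "$1" "$2"
}
# Constructed sample: 8080/tcp was opened at runtime without --permanent.
fw_drift_demo() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' 'public (active)' '  target: default' '  interfaces: eth0' \
        '  services: dhcpv6-client ssh' '  ports: 8080/tcp' '  rich rules: ' \
        > "$tmp/runtime.txt"
    printf '%s\n' 'public' '  target: default' '  interfaces: ' \
        '  services: dhcpv6-client ssh' '  ports: ' '  rich rules: ' \
        > "$tmp/permanent.txt"
    rc=0; fw_drift "$tmp/runtime.txt" "$tmp/permanent.txt" || rc=$?
    rm -rf "$tmp"
    return $rc
}
```

Running `fw_drift_demo` on the constructed sample reports the port that exists only in the runtime configuration and would be lost at the next reboot or service restart.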