[CentOS] firewalld question

Fri Mar 25 11:26:17 UTC 2016
Timothy Murphy <gayleard at eircom.net>

Matthew Miller wrote:

>> I'm wondering if it is possible to have CentOS-7 automatically change
>> firewall zones, depending on the network we connect to.

> The way to do this is changing the zone for the network in
> NetworkManager.

Are there two different ways of setting firewalld zones,
in firewalld and in NetworkManager?
Which is taken if they differ?

> (This works easily for wifi networks and is kind of a
> pain for wired ones, unfortunately, since there's not necessarily a
> good way to distinguish.) I don't have a CentOS (or RHEL) desktop and I
> don't remember offhand when this hit, but in Fedora, run the
> NetworkManager config panel, hit config on a network, and change the
> zone on the Security tab.
> 
> Or, put "ZONE=public" or "ZONE=work" or whatever in the ifcfg file for
> the network.
> 
> I'm hoping in the future to make this better, but there are actually a
> lot of different parts involved so it's hard to get everyone to agree
> on the best approach.
> 
> I personally make "public" my default zone, and then add zones that
> should be more trusted to networks that should be more open.

I find the firewalld definition of "zones" rather confusing.
I run shorewall on my home server, and that seems to me
to have a much simpler definition of zones.

-- 
Timothy Murphy  
gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin
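
The ZONE= setting in ifcfg files mentioned in the quoted reply can be audited with a short script. This is an added example, not part of the original thread: the connection names and file contents are constructed, and reading a missing ZONE= line as "firewalld's default zone applies" is an assumption.

```shell
#!/bin/sh
# Added example: list the firewalld zone each ifcfg file requests with ZONE=.

# Print the zone named by the last ZONE= line in one ifcfg file, quotes removed.
# "(default)" means the file has no ZONE= line (assumed: firewalld's default
# zone is then used for that connection).
zone_of_ifcfg() {
    z=$(sed -n 's/^[[:space:]]*ZONE=//p' "$1" | tail -n 1 | tr -d "\"' ")
    printf '%s\n' "${z:-(default)}"
}

# Print "<connection> <zone>" for every ifcfg-* file in directory $1.
audit_zones() {
    for f in "$1"/ifcfg-*; do
        [ -f "$f" ] || continue
        printf '%s %s\n' "${f##*/ifcfg-}" "$(zone_of_ifcfg "$f")"
    done
}

# Print only the connections that rely on the default zone.
unzoned() {
    audit_zones "$1" | awk '$2 == "(default)" { print $1 }'
}

# Constructed sample files (hypothetical connection names), so this runs offline.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'DEVICE=eth0\nBOOTPROTO=dhcp\nZONE=work\n' > "$d/ifcfg-eth0"
    printf 'ESSID="HomeWifi"\nZONE="home"\n' > "$d/ifcfg-HomeWifi"
    printf 'ESSID="CafeWifi"\nBOOTPROTO=dhcp\n' > "$d/ifcfg-CafeWifi"
    printf '%s\n' "$d"
}

SAMPLE=$(make_sample_dir)
audit_zones "$SAMPLE"
echo "no explicit zone: $(unzoned "$SAMPLE")"
```

On a live system, `firewall-cmd --get-active-zones` shows which zone each interface is actually bound to, which can be compared against this listing.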