Re: [SCIENTIFIC-LINUX-USERS] Firewall-cmd doesn't assign an interface permanently to a zone

Tue, 30 Dec 2014 03:18:15 -0800 

Hi,
i already installed couple of SL7 boxes and i have to say, that the menitoned 'firewalld' is the new feature that i like the least. 


What i do is, i just remove 'firewalld' and install 'iptables'. There i 
know what to do and there i could help you. But not with this.

Firewalld is ugly (imho).

cheers,

--
*Karel Lang*
*Unix/Linux Administration*
[email protected] | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz

On 12/29/2014 03:24 PM, Pat Riehecky wrote:

This appears somewhat similar to TUV bugzilla 1112742

I'm afraid I don't have 7 system to test with at the moment, but the
listed workaround there may be of some help.

Pat


On 12/29/2014 02:47 AM, Peter Boy wrote:

Hi all,

I’m installing a new SL7 box running a KVM host and several guests. I
established a bridge br0 attached to eth0 for external access for host
and all guests und use virbr0 as an internal connection between guests
and host to access protected resources (e.g. a tomcat application
server). Anything works fine so far.

I tried to assign the internal network devices (eth1 on guests, virbr0
on host) to the trusted zones using

# firewall-cmd --permanent --zone=public --remove-interface=eth1
# firewall-cmd --permanent —zone=trusted --add-interface=eth1
# firewall-cmd —reload

but it doesn’t work, eth1 is always in public zone after reload. If I
omit the —permanent option I can successfully modify the running
firewall. But after an reload or a reboot the modification is lost.

I found an entry at https://bugs.centos.org/view.php?id=7526 that it
is a bug and SL7 might be affected as well.

I found a workaround as well. You can add ZONE=trusted to the
/etc/sysconfig/netrwork-scripts/ifcfg-eth1 file and eth1 is added to
the trusted zone on reboot and firewall reload.

There is no ifcfg-virbr0 file, of course. I found an information
(Fedora) that you may add fwzone=‚trusted‘ using virsh net-edit, but
on save it is deleted in SL7.



My question is: Does anyone know how to accomplish it for virbr0 in SL7?





Thanks in advance

PB






—
Dr. Peter Boy
Universität Bremen
Mary-Somerville-Str. 5
28359 Bremen
Germany

[email protected]
www.zes.uni-bremen.de

————————————————

Are you looking for a web content management system for scientific
research organizations?
Have a look at http://www.scientificcms.org
























					Reply via email to