> On 30.12.2014 at 12:17, Karel Lang AFD <[email protected]> wrote:
>
> Hi,
> I already installed a couple of SL7 boxes and I have to say that the mentioned
> 'firewalld' is the new feature that I like the least.
>
> What I do is, I just remove 'firewalld' and install 'iptables'. There I know
> what to do and there I could help you. But not with this.
> Firewalld is ugly (imho).
>
I agree that firewalld by far is not the best feature of EL7, at least at the moment. And reading the maintainer's comment on TUV bugzilla about firewall zone being a matter of NetworkManager and not of firewall, I doubt the concept behind that implementation.

I tried iptables, but "systemctl status iptables" indicates again that the process is indeed active, but has terminated. And fail2ban requires firewalld and does not cooperate with iptables anymore. So I suppose I'm stuck with firewalld for now.

I resolved the problem:

- I made the trusted zone default (firewall-cmd --set-default-zone=trusted)
- I added the line "ZONE=public" to the public interface definitions (ifcfg-eth0 and ifcfg-br0 in my case) in /etc/sysconfig/network-scripts/.

After reboot as well as after a "firewall-cmd --reload" the public interfaces were in public zone and virbr0 was in trusted zone.

At first I found virbr0 was in zone internal after I stopped firewalld and restarted it again (in contrast to reboot and reload) until I remembered that I previously had assigned it to that zone using --permanent --change-interface=virbr0. When I changed it to zone=trusted, everything was OK. It was clearly a configuration error, nevertheless I think it is a bug if the same configuration silently creates different results.

I'm a bit uneasy to have trusted as the default zone. But at least it works.

Peter

--
Dr. Peter Boy
Universität Bremen
Mary-Somerville-Str. 5
28359 Bremen
Germany

[email protected]
www.zes.uni-bremen.de

----------------
Are you looking for a web content management system for scientific research organizations?
Have a look at http://www.scientificcms.org
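With trusted as the default zone, every interface whose ifcfg file lacks a ZONE= line ends up in a zone that accepts all traffic. The following audit script is an added example, not part of the original message; the function names are hypothetical and it only inspects ifcfg-* files, not zone assignments stored by firewalld itself.

```bash
#!/bin/bash
# Added example: report which zone each ifcfg-* file pins its interface to,
# and which interfaces would fall through to firewalld's default zone.

# audit_ifcfg_zones DIR DEFAULT_ZONE
# Prints "<device> <zone> <explicit|default>" for every ifcfg-* file in DIR.
audit_ifcfg_zones() {
    local dir=$1 default_zone=$2 f dev zone
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue          # also handles an unmatched glob
        dev=${f##*/ifcfg-}
        if [ "$dev" = "lo" ]; then       # loopback is not of interest here
            continue
        fi
        # The last ZONE= assignment wins; strip quotes and whitespace.
        zone=$(sed -n 's/^[[:space:]]*ZONE=//p' "$f" | tail -n 1 | tr -d "\"' \t\r")
        if [ -n "$zone" ]; then
            echo "$dev $zone explicit"
        else
            echo "$dev $default_zone default"
        fi
    done
}

# interfaces_in_default DIR DEFAULT_ZONE
# Prints only the device names that have no explicit ZONE= line.
interfaces_in_default() {
    audit_ifcfg_zones "$1" "$2" | awk '$3 == "default" { print $1 }'
}

# On a host with firewalld installed, audit the real configuration.
if command -v firewall-cmd >/dev/null 2>&1 && [ -d /etc/sysconfig/network-scripts ]; then
    audit_ifcfg_zones /etc/sysconfig/network-scripts "$(firewall-cmd --get-default-zone)"
fi
```

Any device printed by `interfaces_in_default` while the default zone is trusted is unfiltered and should get an explicit ZONE= line.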
