How to make firewall-cmd rule permanent

Issues related to configuring your network
ddolecki108
Posts: 34
Joined: 2017/02/28 20:46:44

How to make firewall-cmd rule permanent

Postby ddolecki108 » 2017/09/07 16:34:42

Hi,

I'd like to make this rule permanent across reboots:

firewall-cmd --direct --remove-rule ipv4 filter IN_public_allow 0 -m tcp -p tcp --dport 443 -j REJECT

Please advise

also does it effect all zones?

aks
Posts: 2498
Joined: 2014/09/20 11:22:14

Re: How to make firewall-cmd rule permanent

Postby aks » 2017/09/07 18:55:15

I think even the direct rules are limited to that zone (could be wrong though).
As for making it permanent, pass the --permanent arg.

ddolecki108
Posts: 34
Joined: 2017/02/28 20:46:44

Re: How to make firewall-cmd rule permanent

Postby ddolecki108 » 2017/09/08 13:15:46

Thank you, is "direct" a zone?

hunter86_bg
Posts: 759
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: How to make firewall-cmd rule permanent

Postby hunter86_bg » 2017/09/11 16:43:50

Direct rules are processed before any zone , so they are global. You should avoid using direct rules (best practice) unless no other choice available.

Why don't you just remove the "https" service instead ? What are you trying to accomplish ?