Hello,
I have created a new zone using 'firewall-cmd'. The default zone 'public' has the only network interface 'eth0' assigned to it.
The zone "newzone" has a series of rich rules added to it. These rules whitelist a group of IP addresses and ports that can access.
As I understand it, incoming packets check source zones first and if there is a match, they pass, and it ends there. I have reports that access from some of these IP addresses is not getting through. I then noticed that the 'newzone' is not listed as being 'active'. I assume it should be.
When I do a listing of the active zones, I see:
firewall-cmd --get-active-zones
public
interfaces: eth0
sources: xx.xx.xx.0/24
If I look at the default 'public' zone, I see that it is considered 'active' :
firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources: 159.121.122.0/24
services: dhcpv6-client ssh mysql
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
If I do a listing of "newzone", I see that it doesn't indicate that it is 'active'.
firewall-cmd --zone=newzone --list-all
newzone
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh http https
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="xx.xxx.xxx.xx" port port="8400-8402" protocol="tcp" accept
New firewalld source zone is not active
Re: New firewalld source zone is not active
You activate a zone by binding an interface or a source IP address range to it.
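The procedure behind that answer, as an added example that is not part of the original thread: a packet from an address that is bound to no zone as a source is classified by the interface it arrives on, so on this host it lands in 'public' (eth0) and the rich rule in 'newzone' never sees it. The script below assumes the zone is called newzone, substitutes the documentation range 203.0.113.0/24 for the poster's masked xx.xx.xx.0/24, and uses constructed samples of 'firewall-cmd --get-active-zones' output shaped like the post's own listing, so the parsing part runs without firewalld; only move_source_to_zone talks to the real firewall-cmd.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes the zone is "newzone"
# and uses 203.0.113.0/24 (a documentation range) in place of xx.xx.xx.0/24.
ZONE="newzone"
SOURCE="203.0.113.0/24"

# Constructed samples of `firewall-cmd --get-active-zones` output, in the same
# shape as the post: an unindented zone name, then indented interfaces:/sources:
# lines. BEFORE mirrors the poster's state (newzone not listed); AFTER is what
# the command prints once SOURCE has been moved from public to newzone.
ACTIVE_BEFORE='public
  interfaces: eth0
  sources: 203.0.113.0/24'
ACTIVE_AFTER='public
  interfaces: eth0
newzone
  sources: 203.0.113.0/24'

# zone_is_active ZONE  <  get-active-zones output
# Exit 0 if ZONE is listed as active, 1 otherwise.
zone_is_active() {
    awk -v z="$1" '
        /^[^[:space:]]/ { if ($1 == z) found = 1 }   # unindented line = zone name
        END { exit found ? 0 : 1 }
    '
}

# zone_sources ZONE  <  get-active-zones output
# Print the source ranges currently bound to ZONE, one per line.
zone_sources() {
    awk -v z="$1" '
        /^[^[:space:]]/ { cur = $1; next }           # remember which zone we are in
        cur == z && $1 == "sources:" { for (i = 2; i <= NF; i++) print $i }
    '
}

# move_source_to_zone ZONE SOURCE
# A source can be bound to only one zone, so if it is already a source of
# public it must be removed there first, or firewalld rejects the add with
# ZONE_CONFLICT. --permanent edits the zone file without touching the running
# ruleset; --reload applies it (and discards runtime-only changes made
# without --permanent). Finally verify the zone now shows up as active.
move_source_to_zone() {
    if firewall-cmd --permanent --zone=public --query-source="$2" >/dev/null 2>&1; then
        firewall-cmd --permanent --zone=public --remove-source="$2"
    fi
    firewall-cmd --permanent --zone="$1" --add-source="$2"
    firewall-cmd --reload
    firewall-cmd --get-active-zones | zone_is_active "$1"
}

# Dry demonstration on the constructed samples; no firewalld needed.
for state in BEFORE AFTER; do
    eval "out=\$ACTIVE_$state"
    if printf '%s\n' "$out" | zone_is_active "$ZONE"; then
        echo "$state: $ZONE is active, sources: $(printf '%s\n' "$out" | zone_sources "$ZONE")"
    else
        echo "$state: $ZONE is NOT active, traffic from $SOURCE is handled by the eth0 zone (public)"
    fi
done
```

Run move_source_to_zone newzone 203.0.113.0/24 as root on the host (with the real addresses substituted) and newzone should appear in --get-active-zones with that range under sources:. The address in a rich rule's source= does not bind anything by itself; it only filters packets that have already been classified into that zone, which is why the rule in newzone had no effect while the zone had no interfaces and no sources.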