New firewalld source zone is not active

bricoleur
Posts: 7
Joined: 2014/12/04 20:42:11

Post by bricoleur » 2017/11/08 23:05:54

Hello,

I have created a new zone using 'firewall-cmd'. The default zone 'public' has the only network interface 'eth0' assigned to it.

The zone "newzone" has a series of rich rules added to it. These rules whitelist a group of IP addresses and ports that can access.

As I understand it, incoming packets check source zones first and if there is a match, they pass, and it ends there. I have reports that access from some of these IP addresses is not getting through. I then noticed that the 'newzone' is not listed as being 'active'. I assume it should be.
When I do a listing of the active zones, I see:

firewall-cmd --get-active-zones
public
interfaces: eth0
sources: xx.xx.xx.0/24


If I look at the default 'public' zone, I see that it is considered 'active' :

firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources: 159.121.122.0/24
services: dhcpv6-client ssh mysql
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:


If I do a listing of "newzone", I see that it doesn't indicate that it is 'active'.

firewall-cmd --zone=newzone --list-all
newzone
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh http https
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="xx.xxx.xxx.xx" port port="8400-8402" protocol="tcp" accept

pjsr2
Posts: 614
Joined: 2014/03/27 20:11:07

Re: New firewalld source zone is not active

Post by pjsr2 » 2017/11/09 12:10:49

You activate a zone by binding an interface or a source IP address range to it.
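The binding pjsr2 describes can be checked mechanically from the output quoted in the question. The following is an added example (not code from this thread or from firewalld itself) that parses `firewall-cmd --zone=<name> --list-all` output, flags a zone that carries services or rich rules but has neither an interface nor a source bound to it, and prints the `--add-source` command that would activate it; the sample output and the addresses in it are constructed.

```python
import re

# Constructed samples modelled on the `firewall-cmd --zone=<name> --list-all` output above;
# the addresses are documentation ranges, not real hosts.
PUBLIC = """\
public (active)
  interfaces: eth0
  sources: 192.0.2.0/24
  rich rules:
"""
NEWZONE = """\
newzone
  interfaces:
  sources:
  services: ssh http https
  rich rules:
\trule family="ipv4" source address="198.51.100.7" port port="8400-8402" protocol="tcp" accept
"""
# Field names firewall-cmd prints one per line; indented lines after "rich rules:" are rules.
KEYS = {"target", "icmp-block-inversion", "interfaces", "sources", "services", "ports",
        "protocols", "masquerade", "forward-ports", "source-ports", "icmp-blocks", "rich rules"}

def parse_zone(text):
    """Parse --list-all output into {name, active, <field>: [values], "rich rules": [...]}."""
    lines = text.strip("\n").splitlines()
    head = lines[0].split()
    zone = {"name": head[0], "active": "(active)" in head, "rich rules": []}
    field = None
    for raw in lines[1:]:
        line = raw.strip()
        key, sep, value = line.partition(":")
        if sep and key in KEYS:               # a "field: values" line
            field = key
            if key != "rich rules":
                zone[key] = value.split()
        elif field == "rich rules" and line:  # continuation line holding one rich rule
            zone["rich rules"].append(line)
    return zone

def audit_zone(zone):
    """Flag a zone that carries rules but has no interface/source binding: it is never consulted."""
    findings = []
    if not zone["active"] and not (zone.get("interfaces") or zone.get("sources")):
        n = len(zone["rich rules"]) + len(zone.get("services", []))
        findings.append(f"{zone['name']}: inactive, {n} service(s)/rich rule(s) never consulted")
        # each rich rule's own source address is the natural candidate for --add-source
        for m in re.finditer(r'source address="([^"]+)"', "\n".join(zone["rich rules"])):
            findings.append(f"  candidate: firewall-cmd --permanent "
                            f"--zone={zone['name']} --add-source={m.group(1)}")
    return findings
```

After applying a `--permanent` change, run `firewall-cmd --reload` and re-check `firewall-cmd --get-active-zones`. A given source string can be bound to only one zone, so query `firewall-cmd --get-zone-of-source=<addr>` before adding it elsewhere.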
