These settings work:
firewall-cmd --zone=public --add-service=ssh
firewall-cmd --zone=internal --add-service=ssh
firewall-cmd --zone=internal --add-service=mysql
firewall-cmd --reload
This results in a successful reload.
These settings do not work:
firewall-cmd --zone=public --add-service=ssh
firewall-cmd --zone=internal --add-service=ssh
firewall-cmd --zone=internal --add-service=mysql
firewall-cmd --zone=internal --add-source=192.168.137.135 --permanent
firewall-cmd --reload
This results in:
1. the server not being reachable by ssh
2. entries in firewalld log
ERROR: COMMAND_FAILED
ERROR: UNKNOWN_INTERFACE: 'eth0' is not in any zone
WARNING: '/usr/sbin/ip6tables-restore -n' failed:
3. firewall-cmd --get-active-zones
internal
sources: 129.168.137.135
4. firewall-cmd --get-default-zone
public
I've confirmed that adding a source IP, either using the above command or a rich rule, to either the public or internal zones, results in the errors and the server not being reachable by ssh.
I've confirmed that /etc/sysconfig/network-scripts/ifcfg-eth0 has "zone=public" after "firewall-cmd --reload" and/or reboot.
I'm running
Latest 64 bit (4.9.15-x86_64-linode81)
NetworkManager
one interface eth0
Any suggestions would be very helpful. Thanks, Keith
Firewalld --add-source causes error on --reload
Re: Firewalld --add-source causes error on --reload
This is not a CentOS kernel:
Latest 64 bit (4.9.15-x86_64-linode81)
So you should probably get advice from the source of that kernel.
Re: Firewalld --add-source causes error on --reload
And "zone=public" should almost certainly be ZONE=public
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
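Added example, not part of any post in this thread: a small shell check for the key-case point raised in the reply above. The function name ifcfg_zone_status and the sample file contents are made up for illustration; it assumes ifcfg key names are case-sensitive, since the files are shell-style KEY=value assignments.

```shell
#!/bin/sh
# Added example: report how the zone key is spelled in an ifcfg file.
# Assumption: keys are case-sensitive, so "zone=" is not read as "ZONE=".

# ifcfg_zone_status FILE
# Prints one of:
#   ok:<zone>         a correctly spelled ZONE= line with a value is present
#   wrong-case:<key>  a zone key exists but is not upper case (e.g. zone=public)
#   missing           no usable zone key (interface falls to the default zone)
ifcfg_zone_status() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    awk -F= '
        /^[ \t]*#/ { next }                 # skip comment lines
        {
            key = $1
            gsub(/[ \t]/, "", key)          # tolerate stray whitespace
            if (toupper(key) != "ZONE") next
            val = $2
            gsub(/[" \t]/, "", val)         # strip double quotes and whitespace
            if (key == "ZONE") good = val
            else               bad = key
        }
        END {
            if (good != "")     print "ok:" good
            else if (bad != "") print "wrong-case:" bad
            else                print "missing"
        }
    ' "$file"
}

# Constructed sample: an ifcfg file with the lowercase key quoted in the thread.
sample=$(mktemp)
printf 'DEVICE=eth0\nONBOOT=yes\nzone=public\n' > "$sample"
ifcfg_zone_status "$sample"
rm -f "$sample"
```

On a real host, point it at /etc/sysconfig/network-scripts/ifcfg-eth0 and compare the result with the output of firewall-cmd --get-active-zones.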