Firewalld --add-source causes error on --reload

kkraemer
Posts: 1
Joined: 2017/05/27 02:58:06

Firewalld --add-source causes error on --reload

Post by kkraemer » 2017/05/27 03:19:33

these settings work
firewall-cmd --zone=public --add-service=ssh
firewall-cmd --zone=internal --add-service=ssh
firewall-cmd --zone=internal --add-service=mysql
firewall-cmd --reload
this results in a successful reload

these settings do not work
firewall-cmd --zone=public --add-service=ssh
firewall-cmd --zone=internal --add-service=ssh
firewall-cmd --zone=internal --add-service=mysql
firewall-cmd --zone=internal --add-source=192.168.137.135 --permanent
firewall-cmd --reload
this results in:
1. the server not being reachable by ssh
2. entries in firewalld log
ERROR: COMMAND_FAILED
ERROR: UNKNOWN_INTERFACE: 'eth0' is not in any zone
WARNING: '/usr/sbin/ip6tables-restore -n' failed:
3. firewall-cmd --get-active-zones
internal
sources: 129.168.137.135
4. firewall-cmd --get-default-zone
public

I've confirmed that adding a source IP, either using the above command or a rich rule, to either the public or internal zones, results in the errors and the server not being reachable by ssh.

I've confirmed that /etc/sysconfig/network-scripts/ifcfg-eth0 has "zone=public" after "firewall-cmd --reload" and/or reboot

I'm running
Latest 64 bit (4.9.15-x86_64-linode81)
NetworkManager
one interface eth0

Any suggestions would be very helpful. Thanks, Keith
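
The commands in the post above mix runtime changes (the --add-service lines, run without --permanent) with a permanent one (--add-source ... --permanent), and firewall-cmd --reload replaces the runtime configuration with the permanent one. As an added example that is not part of the original posts, this shell function compares a zone's runtime and permanent --list-all output and lists what a reload would drop or activate; the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): show what `firewall-cmd --reload` would
# change in a zone by comparing runtime and permanent `--list-all` output.
# Live use:
#   reload_diff "$(firewall-cmd --zone=internal --list-all)" \
#               "$(firewall-cmd --permanent --zone=internal --list-all)"

# Constructed sample outputs modelled on the commands in the first post.
RUNTIME_SAMPLE='internal
  interfaces:
  sources:
  services: ssh mysql
  ports:'
PERMANENT_SAMPLE='internal
  interfaces:
  sources: 192.168.137.135
  services: ssh
  ports:'

# field_items TEXT KEY: print the items of the "KEY: a b c" row, one per line.
field_items() {
    printf '%s\n' "$1" |
        awk -v k="$2:" '$1 == k { for (i = 2; i <= NF; i++) print $i }' |
        sort -u
}

# reload_diff RUNTIME PERMANENT: "lost" = runtime-only (dropped by --reload),
# "gained" = permanent-only (activated by --reload).
reload_diff() {
    for key in interfaces sources services ports; do
        rt=$(field_items "$1" "$key")
        pm=$(field_items "$2" "$key")
        for item in $rt; do
            printf '%s\n' "$pm" | grep -qxF -- "$item" || echo "lost $key $item"
        done
        for item in $pm; do
            printf '%s\n' "$rt" | grep -qxF -- "$item" || echo "gained $key $item"
        done
    done
}

reload_diff "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE"
```

Running the check before a reload on a remote host shows whether a rule that access depends on exists only in the runtime configuration.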

stevemowbray
Posts: 519
Joined: 2012/06/26 14:20:47

Re: Firewalld --add-source causes error on --reload

Post by stevemowbray » 2017/05/29 10:18:17

This is not a CentOS kernel:
Latest 64 bit (4.9.15-x86_64-linode81)

So you should probably get advice from the source of that kernel.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Firewalld --add-source causes error on --reload

Post by TrevorH » 2017/05/29 13:46:07

And "zone=public" should almost certainly be ZONE=public
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
