In 7.4 and earlier, I included ZONE=<zone name> in the ifcfg-<interface> files in /etc/sysconfig/network-scripts directory. In 7.5 this directive is not taking effect and I have to run e.g.:
Code: Select all
firewall-cmd --permanent --change-zone=eth0 --zone=internal
to bind a zone definition to an interface. This creates an entry in the internal.xml file in the /etc/firewalld/zones directory which I'm not happy with.
It is worth mentioning that our servers do not have NetworkManager installed as we configure all settings via ansible scripts and we use policy based routing extensively. These configurations are done via rule-<interface> and route-<interface> for both IPv4 and IPv6.
Anyone else seeing this change? Is this a change in behavior or a bug?