CentOS 7.5 firewalld config changes

Post by vikinggeek » 2018/05/13 06:58:39

Just did a couple of server upgrades from 7.4 to 7.5. Seems to be working well except for the configuration of interface to zone binding.

In 7.4 and earlier, I included ZONE=<zone name> in the ifcfg-<interface> files in the /etc/sysconfig/network-scripts directory. In 7.5 this directive is not taking effect and I have to run e.g.:

firewall-cmd --permanent --change-zone=eth0 --zone=internal

to bind a zone definition to an interface. This creates an entry in the internal.xml file in the /etc/firewalld/zones directory which I'm not happy with.

It is worth mentioning that our servers do not have NetworkManager installed, as we configure all settings via Ansible scripts and we use policy-based routing extensively. These configurations are done via rule-<interface> and route-<interface> for both IPv4 and IPv6.

Anyone else seeing this change? Is this a change in behavior or a bug?
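
An added example (not part of the original post): a shell check that compares the ZONE= value in each ifcfg-<interface> file with the interface bindings recorded in the zone XML files under /etc/firewalld/zones, so a mismatch between the two after an upgrade is visible per interface. The function names, status labels and output format are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Default directories are the
# ones named in the post; function names and status labels are assumptions.

# zone_from_ifcfg FILE: print the ZONE= value (quotes stripped), empty if unset
zone_from_ifcfg() {
    sed -n 's/^[[:space:]]*ZONE=//p' "$1" | tail -n 1 | tr -d "\"'" | tr -d '[:space:]'
}

# zone_from_xml ZONES_DIR IFACE: print the zone whose XML file binds IFACE
zone_from_xml() {
    for xml in "$1"/*.xml; do
        [ -f "$xml" ] || continue
        # firewalld stores a binding as <interface name="eth0"/>
        if grep -Fq "<interface name=\"$2\"" "$xml"; then
            basename "$xml" .xml
            return 0
        fi
    done
    return 0
}

# audit_zone_bindings [IFCFG_DIR] [ZONES_DIR]
# Prints: IFACE ifcfg=<zone|-> xml=<zone|-> STATUS
#   OK          both sources name the same zone
#   IFCFG_ONLY  ZONE= is set but no zone XML binds the interface
#   XML_ONLY    bound in zone XML, no ZONE= in the ifcfg file
#   MISMATCH    the two sources name different zones
#   UNBOUND     neither names a zone (firewalld uses its default zone)
# Returns 1 if any interface is IFCFG_ONLY or MISMATCH.
audit_zone_bindings() {
    ifcfg_dir=${1:-/etc/sysconfig/network-scripts}
    zones_dir=${2:-/etc/firewalld/zones}
    rc=0
    for f in "$ifcfg_dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        iface=${f##*/ifcfg-}
        [ "$iface" = "lo" ] && continue
        want=$(zone_from_ifcfg "$f")
        have=$(zone_from_xml "$zones_dir" "$iface")
        if [ -z "$want" ] && [ -z "$have" ]; then status=UNBOUND
        elif [ "$want" = "$have" ]; then status=OK
        elif [ -z "$have" ]; then status=IFCFG_ONLY; rc=1
        elif [ -z "$want" ]; then status=XML_ONLY
        else status=MISMATCH; rc=1
        fi
        echo "$iface ifcfg=${want:--} xml=${have:--} $status"
    done
    return $rc
}
```

Source the file and call audit_zone_bindings with no arguments to check the live paths; the non-zero return makes it usable as a post-upgrade check in an Ansible task.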