CentOS 7.5 firewalld config changes
Posted: 2018/05/13 06:58:39
Just did a couple of server upgrades from 7.4 to 7.5. Seems to be working well except for the configuration of interface to zone binding.
In 7.4 and earlier, I included ZONE=<zone name> in the ifcfg-<interface> files in /etc/sysconfig/network-scripts directory. In 7.5 this directive is not taking effect and I have to run e.g.:
    firewall-cmd --permanent --change-zone=eth0 --zone=internal
to bind a zone definition to an interface. This creates an entry in the internal.xml file in the /etc/firewalld/zones directory which I'm not happy with.
It is worth mentioning that our servers do not have NetworkManager installed as we configure all settings via ansible scripts and we use policy based routing extensively. These configurations are done via rule-<interface> and route-<interface> for both IPv4 and IPv6.
Anyone else seeing this change? Is this a change in behavior or a bug?
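
A drift check for the situation described in the post, as an added example that is not part of the original post: it compares the ZONE= value declared in each ifcfg-<interface> file with the zone firewalld reports for that interface. The function names are hypothetical, and it assumes firewalld is running; an interface with no explicit binding is treated as being in the default zone.

```bash
#!/bin/bash
# Added example (not from the original post): list interfaces whose ifcfg
# ZONE= differs from the zone firewalld actually applies to them.

# Zone firewalld reports for an interface. An interface with no explicit
# binding is handled by the default zone, so fall back to that.
effective_zone() {
    local z
    z=$(firewall-cmd --get-zone-of-interface="$1" 2>/dev/null) \
        || z=$(firewall-cmd --get-default-zone 2>/dev/null)
    printf '%s\n' "$z"
}

# Print the value of KEY from an ifcfg file (last assignment wins),
# ignoring commented-out lines and stripping optional quotes.
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" \
        | tail -n 1
}

# Print "interface declared-zone effective-zone" for every mismatch.
# Returns 1 if at least one interface is not in its declared zone.
zone_drift() {
    local dir f dev want have rc
    dir=${1:-/etc/sysconfig/network-scripts}
    rc=0
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        want=$(ifcfg_get "$f" ZONE)
        [ -n "$want" ] || continue            # no ZONE= declared: nothing to check
        dev=$(ifcfg_get "$f" DEVICE)
        [ -n "$dev" ] || dev=${f##*/ifcfg-}   # fall back to the file name suffix
        have=$(effective_zone "$dev")
        if [ "$want" != "$have" ]; then
            printf '%s %s %s\n' "$dev" "$want" "${have:-unknown}"
            rc=1
        fi
    done
    return "$rc"
}
```

Source the file and call `zone_drift`; exit status 1 means at least one interface is not in the zone its ifcfg file declares.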