Questions tagged [firewalld]
Firewalld is a Fedora project that "provides a dynamically managed firewall with support for network/firewall zones to define the trust level of network connections or interfaces".
308 questions
0 votes, 0 answers, 22 views
firewalld corruption python-nftables command not found
this is in RHEL-8.10 x86-64
from a clean install from rhel-8.10-x86_64-dvd.iso and only using the public.xml file;
the only things I do is
# quad port nic with eno4 being my wan connection
firewall-...
0 votes, 0 answers, 23 views
How to add IGMP protocol with Ansible builtin redhat.rhel_system_roles.firewall role
I want to add an IGMP protocol to firewalld on a RHEL9 host. I could easily achieve it by running the following command:
firewall-cmd --add-protocol=igmp
However, things become different when it comes ...
3 votes, 1 answer, 325 views
Firewalld ignoring rich-rule against port forwarding
I have an issue setting up my firewalld to have a perfect link together with docker and fail2ban.
First, what I want to achieve is the following traffic routing setup:
[PUBLIC] ->
[FIREWALLD] -&...
2 votes, 1 answer, 241 views
libvirt kvm virtual routed network: cannot ping gateway itself or beyond
I'm having trouble with libvirt kvm's routed networks where a VM inside a routed virtual network can ping every VM in my home subnet except the default gateway... or any gateway for that matter.
I ...
0 votes, 0 answers, 135 views
How to masquerade from an interface to another on selected destination addresses?
I have a wireguard VPN running to access my local network from outside.
I used to use nft but for that server, I use firewalld.
Here is my nft command to allow masquerade: PostUp = nft add rule inet ...
0 votes, 0 answers, 500 views
why is firewalld not processing rich rules
Using this configuration:
$ sudo firewall-cmd --list-all --zone=myzone
myzone (active)
target: default
icmp-block-inversion: no
interfaces:
sources: 192.168.0.10/32
services:
ports:
...
0 votes, 0 answers, 278 views
why my forward port couldn't work use firewall-cmd
config forward port
firewall-cmd --permanent --add-masquerade
firewall-cmd --permanent --add-forward-port=port=81:proto=tcp:toaddr=127.0.0.1:toport=80
firewall-cmd --reload
now, this is my firwall-...
0 votes, 0 answers, 54 views
Firewalld allowing direct connections but not connections from load balancer after update
I've just recently upgraded a system from RHEL 8.5 to RHEL 8.10 which also upgraded firewalld from 0.9.3 to 0.9.11. In firewalld we have a postfix zone for port 25 connections and the only allowed ...
4 votes, 2 answers, 6k views
Confused about the message "No route to host" when blocked by firewalld
Debugging a software problem, I detected a state where the attempt to make a TCP connection resulted in a "No route to host" error message.
This was especially confusing as ping had no such ...
0 votes, 0 answers, 61 views
FirewallD Direct Rules
Should be a fairly straightforward one but I'm getting conflicting information from different places.
I understand that Direct Rules take precedence over FirewallD zones, but if the default policy for ...
0 votes, 0 answers, 140 views
FirewallD and IPTables-NFT Chain Relationship
Something I am struggling to wrap my head around is the relationship between firewallD zone default behaviour and IPTables-NFT chain default behaviour.
I have setup a few firewalld direct rules that ...
0 votes, 0 answers, 123 views
How to forward specific traffic between two interfaces in one machine RHEL8
OS: RHEL8.
Goal: Forward SIP and RTP from VM main interface(ens192) to virtual manually created(ens100)
For testing I am trying to forward only ICMP packets, but it's not working.
(VM1) --icmp--> ...
0 votes, 1 answer, 61 views
Block income GRE ERSPAN traffic RHEL8
We have LinuxMachine(VoiceBiometrics) and customers VoiceBot.
LinuxMachine needs only SIP/SDP and RTP traffic from VoiceBot.
Customer network engineers configured on cisco device traffic mirroring(gre ...
0 votes, 0 answers, 146 views
Having trouble with firewalld rich rule to drop MAC address on a system with Internal and NATed external interfaces
I have a linux box acting as router that has 2 interfaces running firewalld. One is "EXTERNAL" and is connected to the internet. The other is "TRUSTED" and connects to internal ...
0 votes, 1 answer, 324 views
Forward Traffic From LAN To Tailscale Subnet with Firewalld
I have a Raspberry Pi with an ethernet connection on the end0 interface to the 10.15.16.0/20 network. It has a static IP address on this network at 10.20.30.15.
The Pi is also connected to my ...