Re: firewalld zones with tun interfaces

From: Stuart Gathman <stuart gathman org>
To: networkmanager-list gnome org
Subject: Re: firewalld zones with tun interfaces
Date: Tue, 27 Dec 2016 16:48:10 -0500

On 12/27/2016 03:17 PM, Joseph L. Casale wrote:

I have a system controlled openvpn configuration that creates a tun interface.
As the resulting tun interface falls under network manager, I created an up script
That executes `/usr/bin/nmcli connection modify tun0 connection.zone my_zone` 
where the actual interface name is passed in. This seemingly only works some of the
time and manual invocations of the above command simply fail to move the interface
into the zone.

What is the correct way to ensure this interface is always the required zone?

If the tun interface is always the same, just use firewall-cmd
--zone=my_zone --add-interface=tun0
If the tun interface can vary, but the network is the same, e.g.
10.123.0.0/16
  firewall-cmd --zone=my_zone --add-source=10.123.0.0/16

Follow-Ups:
- RE: firewalld zones with tun interfaces
  - From: Joseph L. Casale

References:
- firewalld zones with tun interfaces
  - From: Joseph L. Casale

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]