RE: firewalld zones with tun interfaces

From: "Joseph L. Casale" <jcasale activenetwerx com>
To: "networkmanager-list gnome org" <networkmanager-list gnome org>
Subject: RE: firewalld zones with tun interfaces
Date: Wed, 28 Dec 2016 00:50:14 +0000

If the tun interface is always the same, just use firewall-cmd
--zone=my_zone --add-interface=tun0


Hi Stuart,
Yea I can control the interface name but I can also pass it into the up script.

So this seemed to work well where as I also tried
firewall-cmd --permanent --change-zone=tun0 --zone=my_zone
which produced inconsistent results probably related to the timing of the up
script. If it was run far after initialization it seemed to work and persist an
entry in /etc/NetworkManager/system-connections for the interface with
a zone clause. Seems your command does the same but reliably at up script
invocation time.

My firewalld.conf has a default set however without any of the persisted entries
in network manager or the up script, any new interface created by the openvpn
service gets placed into "no zone", how can I ensure the default is respected?

Thanks a lot for the help,
jlc

References:
- firewalld zones with tun interfaces
  - From: Joseph L. Casale
- Re: firewalld zones with tun interfaces
  - From: Stuart Gathman

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]