NetworkManager and FirewallD

From: Berend De Schouwer <berend de schouwer gmail com>
To: networkmanager-list gnome org
Subject: NetworkManager and FirewallD
Date: Fri, 15 Feb 2019 12:15:23 +0200

Hi,

I've got a connection setup with NetworkManager on Fedora 29, and
sometimes on reboot the firewall rules are re-ordered.

The firewall is managed by firewalld.  It creates a few zones, and
sometimes the rules in the zones are re-ordered.  For example, a diff
between startups:

 Chain POSTROUTING_ZONES (1 references)
 target     prot opt source               destination         
-POST_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
 POST_home  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
+POST_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
 POST_FedoraServer  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

This can prevent some traffic from flowing, especially if it re-orders
a MASQUERADING rule.

Note, in this case it actually broke some traffic swapping public &
home in both POST and PRE.

I can fix it by either re-starting NetworkManager, or by dropping the
connection and bringing it up again.  I can also break it that way.

I'm assuming it's triggered by a race condition.  It happens on a
Raspberry Pi, which is a little slower.


Is there some way to prevent this?

Follow-Ups:
- Re: NetworkManager and FirewallD
  - From: Thomas Haller

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]