firewall-cmd - rich-rule - permanent configuration
by poma
Hi,
# firewall-cmd --version
0.3.3
<Runtime Configuration>
# firewall-cmd --list-rich-rules
# firewall-cmd --add-rich-rule='rule forward-port port="2222"
to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source
address="192.168.2.100"'
# firewall-cmd --list-rich-rules
rule family="ipv4" source address="192.168.2.100" forward-port
port="2222" protocol="tcp" to-port="22" to-addr="192.168.100.2"
# firewall-cmd --remove-rich-rule='rule forward-port port="2222"
to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source
address="192.168.2.100"'
# firewall-cmd --list-rich-rules
# firewall-cmd --add-rich-rule='rule forward-port port="2222"
to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source
address="192.168.2.100"'
# firewall-cmd --list-rich-rules
rule family="ipv4" source address="192.168.2.100" forward-port
port="2222" protocol="tcp" to-port="22" to-addr="192.168.100.2"
# firewall-cmd --reload
# firewall-cmd --list-rich-rules
<\Runtime Configuration>
Runtime Configuration - OK.
<Permanent Configuration>
# firewall-cmd --list-rich-rules
# firewall-cmd --permanent --add-rich-rule='rule forward-port
port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp"
family="ipv4" source address="192.168.2.100"'
# firewall-cmd --list-rich-rules
# firewall-cmd --reload
# firewall-cmd --list-rich-rules
rule family="ipv4" source address="192.168.2.100" forward-port
port="2222" protocol="tcp" to-port="22" to-addr="192.168.100.2"
# firewall-cmd --permanent --remove-rich-rule='rule forward-port
port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp"
family="ipv4" source address="192.168.2.100"'
# firewall-cmd --list-rich-rules
rule family="ipv4" source address="192.168.2.100" forward-port
port="2222" protocol="tcp" to-port="22" to-addr="192.168.100.2"
# firewall-cmd --reload
# firewall-cmd --list-rich-rules
rule family="ipv4" source address="192.168.2.100" forward-port
port="2222" protocol="tcp" to-port="22" to-addr="192.168.100.2"
# /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
…
<rule family="ipv4">
<source address="192.168.2.100"/>
<forward-port to-addr="192.168.100.2" to-port="22" protocol="tcp"
port="2222"/>
</rule>
</zone>
# Oops! It's still here. :)
<\Permanent Configuration>
Permanent Configuration - Is it a bug or a feature?
poma
10 years, 4 months
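To check whether the rule from the post above is still in the zone file after `--permanent --remove-rich-rule`, the rule string and the XML can be compared independent of attribute order. This is an added example, not firewalld's own code or part of the original post; the function names are hypothetical and the sample zone file is constructed from the one quoted in the post. It assumes simple rich rules whose elements carry only attributes and a runtime listing with one rule per line.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the zone file quoted in the post.
ZONE_XML = b"""<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <rule family="ipv4">
    <source address="192.168.2.100"/>
    <forward-port to-addr="192.168.100.2" to-port="22" protocol="tcp" port="2222"/>
  </rule>
</zone>
"""
# The rule as typed in the post (attribute order differs from the listing).
TYPED = ('rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" '
         'protocol="tcp" family="ipv4" source address="192.168.2.100"')

TOKEN = re.compile(r'([\w-]+)(?:="([^"]*)")?')

def rules_from_zone_xml(xml_bytes):
    """Each <rule> in a zone file as a frozenset of (element, attribute, value)."""
    rules = set()
    for rule in ET.fromstring(xml_bytes).findall("rule"):
        facts = set()
        for el in [rule, *rule]:     # the rule element, then its children
            facts.add((el.tag, "", ""))
            facts |= {(el.tag, k, v) for k, v in el.attrib.items()}
        rules.add(frozenset(facts))
    return rules

def rule_from_text(line):
    """Parse one rich-rule string into the same order-independent form."""
    facts, element = set(), None
    for m in TOKEN.finditer(line):
        key, value = m.groups()
        if value is None:            # bare word opens a new element
            element = key
            facts.add((element, "", ""))
        else:                        # family belongs to the rule itself
            facts.add(("rule" if key == "family" else element, key, value))
    return frozenset(facts)

def still_persisted(xml_bytes, rule_text):
    """True if the zone file on disk still contains this rich rule."""
    return rule_from_text(rule_text) in rules_from_zone_xml(xml_bytes)

def drift(xml_bytes, runtime_listing):
    """Rules only on disk and rules only at runtime (one listed rule per line)."""
    disk = rules_from_zone_xml(xml_bytes)
    live = {rule_from_text(l) for l in runtime_listing.splitlines() if l.strip()}
    return disk - live, live - disk
```

On a live system the inputs would be the bytes of `/etc/firewalld/zones/public.xml` and the output of `firewall-cmd --list-rich-rules`.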
firewalld 0.3.8
by Jiri Popelka
Hi,
https://fedorahosted.org/released/firewalld/firewalld-0.3.8.tar.bz2
sha1sum: b67642886fefe0549b227d6e5f2455008c129ccc
Changelog:
- Fixed memory leaks
- New option --debug-gc
- Python3 compatibility
- Better non-ascii support
- Several firewall-config & firewall-applet fixes
- New --remove-rules commands for firewall-cmd and removeRules methods
for D-Bus
- Fixed FirewallDirect.get_rules to return proper list
- Fixed LastUpdatedOrderedDict.keys()
- Enable rich rule usage in trusted zone (RHBZ#994144)
- New error codes: INVALID_CONTEXT, INVALID_COMMAND, INVALID_USER and
INVALID_UID
--
Jiri
10 years, 5 months