Multiple zones with same source
by mika313
Hello,
I am trying to define a firewalld setup based on services.
- each service has its own custom zone
- and each custom zone has its own custom ipset as a source
For example:
There is a dedicated zone for ssh access with ipset:ssh (10.147.17.0/24 range) and ssh service.
There is a dedicated zone for grafana access with ipset:grafana (10.147.17.0/24 range) and grafana service.
Since all the ipsets have the same entry (10.147.17.0/24 range), I cannot access both services from a good IP in the given range. The working zone is selected alphabetically.
The flow trying to access the second service is rejected by the first zone.
Is it possible to use a service approach with policies or in another way?
I tried to set up a policy but without success.
I would like to avoid all services in one zone.
firewalld version: 1.2.1
OS: AlmaLinux 9.2
Many Thanks
4 months, 1 week
Logging port forwarding rules
by Sam Varshavchik
I have a forwarding rule and I'd like to log when it is being used. In my
zone file I have port forwarding set up using a rich rule:
<forward-port …/>
firewall-config shows this rich rule, and it displays all of its
particulars. But if I try to edit it in firewall-config the "Log" checkbox
is disabled.
Is this a firewall-config 2.0.2 limitation, or a backend limitation? I am
using FirewallBackend=nftables
4 months, 2 weeks