On 04.05.2023 16:18, Will Furnell - STFC UKRI wrote:
Is there a way to get firewalld to evaluate rules in multiple zones in a chain like icinga -> public -> DENY?
No, that's not possible. Each packet is associated with one rule only (technically rules are applied sequentially and the first matching rule wins) and each zone is terminal - it gives final verdict.