From my reading and experiments it seems that I cannot block outgoing traffic for a particular zone or device.
I ask because I would like to connect to a VPN, then allow only ssh and DNS traffic to that VPN. Other traffi
I can do this using the direct interface, but the rules apply globally, not just to the zone.
This command will create a rule that disables all outgoing connections despite seeming to support the zone argument:
    firewall-cmd --zone=myvpn --direct --add-rule ipv4 filter OUTPUT 1 -j DROP
So if someone could please confirm that what I am asking is not possible.
Thanks
On Tue, Apr 07, 2020 at 05:49:24AM -0000, Steven Moyse wrote:
> From my reading and experiments it seems that I cannot block outgoing traffic for a particular zone or device.
> I ask because I would like to connect to a VPN, then allow only ssh and DNS traffic to that VPN. Other traffi
> I can do this using the direct interface, but the rules apply globally, not just to the zone.
> This command will create a rule that disables all outgoing connections despite seeming to support the zone argument:
>     firewall-cmd --zone=myvpn --direct --add-rule ipv4 filter OUTPUT 1 -j DROP
The --zone argument is ignored. We should likely be throwing an error here.
> So if someone could please confirm that what I am asking is not possible.
Confirmed. You must use a direct rule.
Work on native OUTPUT/FORWARD filtering is in progress. Hopefully it's ready for the next feature release.
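An added example, not part of the thread or of firewalld itself: since --zone is ignored for direct rules, the scoping has to come from an iptables interface match (-o) inside each rule. The interface name tun0 and the function name vpn_egress_rules are assumptions, and the IPv6 rules go beyond the IPv4 command quoted above.

```shell
#!/bin/sh
# Added example: generate firewalld direct rules that restrict egress on ONE
# interface. Direct rules are global, so each rule carries its own "-o IFACE"
# match instead of relying on a firewalld zone.

# vpn_egress_rules IFACE
# Prints one firewall-cmd command per line (dry run; nothing is applied).
# Hypothetical helper name; IFACE is the VPN device, e.g. tun0 (assumed).
vpn_egress_rules() {
    iface=$1
    # Refuse empty names or anything that is not a plain interface name,
    # because the output is meant to be piped into a root shell.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*)
            echo "invalid interface name" >&2
            return 1 ;;
    esac
    # Cover both address families so IPv6 does not bypass the restriction.
    for family in ipv4 ipv6; do
        base="firewall-cmd --direct --add-rule $family filter OUTPUT"
        # Priority 0 rules sit above priority 1, so the ACCEPTs match first.
        echo "$base 0 -o $iface -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
        echo "$base 0 -o $iface -p tcp --dport 22 -j ACCEPT"   # ssh
        echo "$base 0 -o $iface -p udp --dport 53 -j ACCEPT"   # DNS
        echo "$base 0 -o $iface -p tcp --dport 53 -j ACCEPT"   # DNS over TCP
        # Same DROP as in the thread, but limited to this interface.
        echo "$base 1 -o $iface -j DROP"
    done
}

# Print the rules for review. To apply them at runtime, pipe the output to
# "sh" as root; add --permanent to each command if they should persist.
vpn_egress_rules tun0
```

Traffic leaving through other interfaces is untouched, because every rule only matches packets whose output device is the named one.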