Assuming the public zone is the only active zone, IMO that should be
sufficient.
The permanent firewall is what is restored (brought up) when boot-up occurs,
so you could --remove-service openvpn in the run-time instance if you note
a problem in openvpn, and run firewall-cmd --complete-reload (disconnects
any hanging connections) to allow the permanent firewall to take effect
when the problem is fixed (or maybe just reboot).
The drop zone drops everything anyway and appears not active so doesn't act
in this scope.
Amicalement,
Dave
--
Maple Park Development
Linux Systems Integration
http://www.maplepark.com/
If IP addresses weighed one gram each:
IPv4 = half the Empire State Building vs. IPv6 = 56 billion earths
I use Linux and I wouldn't touch Outlook even if I were using a Hazmat suit
and an isolation lab kit.
On Sun, Sep 11, 2016 at 9:38 PM, Jake Trader <longid(a)fedoraproject.org>
wrote:
Thank you for the reply, David.
My goal here is to prevent any leakage should there be an unexpected
disconnection in openvpn. I hear you can solve this by configuring the
firewall to kill all traffic when openvpn fails.
So far all I've done is to type from public zone (default):
# firewall-cmd --add-service openvpn
# firewall-cmd --permanent --add-service openvpn
# firewall-cmd --add-masquerade
# firewall-cmd --permanent --add-masquerade
# reboot
Should I have done the above in the drop zone???
I am clueless as to what I'm doing. lol Help please.
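
Added example, not part of the original messages: a small script that shows which services differ between firewalld's run-time and permanent configuration for a zone, which is the distinction the reply above relies on. The function names and the sample service lists are assumptions constructed for illustration; check_zone needs a host with firewalld running.

```shell
#!/bin/sh
# Compare firewalld's run-time and permanent service lists for one zone.
# Run-time-only entries disappear on --complete-reload or reboot;
# permanent-only entries come back at that point.

# drift RUNTIME_LIST PERMANENT_LIST
# Each argument is a space-separated list, as printed by --list-services.
drift() {
    for svc in $1; do
        case " $2 " in
            *" $svc "*) ;;                        # present in both
            *) echo "runtime-only: $svc" ;;       # lost at reload/reboot
        esac
    done
    for svc in $2; do
        case " $1 " in
            *" $svc "*) ;;                        # present in both
            *) echo "permanent-only: $svc" ;;     # restored at reload/reboot
        esac
    done
}

# check_zone [ZONE]: query a live firewalld (hypothetical helper name).
check_zone() {
    zone=${1:-public}
    runtime=$(firewall-cmd --zone="$zone" --list-services) || return 1
    permanent=$(firewall-cmd --permanent --zone="$zone" --list-services) || return 1
    drift "$runtime" "$permanent"
}

# Constructed sample: the public zone after openvpn was removed from the
# run-time configuration only, while the permanent configuration still has it.
SAMPLE_RUNTIME="dhcpv6-client ssh"
SAMPLE_PERMANENT="dhcpv6-client openvpn ssh"
drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
```

On a live system, run check_zone public before and after firewall-cmd --complete-reload to confirm the permanent configuration has taken effect.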