firewalld from a server perspective

Miloslav Trmač mitr at redhat.com
Fri Aug 1 13:04:49 UTC 2014


----- Original Message -----
> On Fri, 2014-08-01 at 08:47 -0400, Miloslav Trmač wrote:
> 
> > > 2. What zone should the server put the clients they connect. Should
> > > there be some special vpn zone or should I use one of the existing ones?
> > > (none of the existing looks very reasonable for that).
> > How are the clients connected exactly?  If the traffic looks like it
> > arrives on a virtual interface, a zone should be assigned to that
> > interface, using the existing system-wide configuration for that interface
> > (/etc/sysconfig/network-scripts/ifcfg*) if at all possible (this might
> > require extra code I don’t know much about).
> 
> Correct, the traffic arrives on a virtual interface. So, according to
> the wiki, the client should at some point execute "firewall-cmd
> --zone=myzone --add-interface=tun-client-iface".

I’m not sure about that.  The general case is that NetworkManager (or init.d/network) manages interfaces, including that virtual interface, and therefore _NetworkManager_ interprets the ZONE= setting from the interface configuration

