firewalld masquerade rich rule is not working
Sam Varshavchik
mrsam at courier-mta.com
Sat Dec 27 14:34:42 UTC 2014
firewalld's --add-masquerade option breaks ntpd, and other things. This has
been documented in bug 1152472 as always reproducible, but nobody seems to
care.

I do notice a masquerade clause in the documentation for firewalld's "rich
language". I was wondering if --add-masquerade's breakage could be worked
around by enabling masquerading only for my local LAN IP address range.

So I tried:

    --remove-masquerade
    --add-rich-language 'rule family="ipv4" source address="192.168.0.0/24" masquerade'

This doesn't appear to make any difference. Traceroutes from the LAN to
globally-routable IP addresses are blocked by the firewall.

Is there anything missing that needs to be done? The firewalld.language man
page's description does not offer any clues.