Is there any way to order rich rules in firewalld on CentOS 7? If I remove all rules and add them back in, firewalld seems to put them in whatever order it feels like.
Alternatively, can I change the default policy of a firewalld zone? At the moment I don't see any way to have a zone accept traffic by default other than adding a rich rule allowing 0.0.0.0/0; and I don't see a way to ensure that rule is at the bottom.
Hello Jeff,
On 08/26/2016 07:04 PM, Jeff White wrote:
> Is there any way to order rich rules in firewalld on CentOS 7? If I remove all rules and add them back in, firewalld seems to put them in whatever order it feels like.
> Alternatively, can I change the default policy of a firewalld zone? At the moment I don't see any way to have a zone accept traffic by default other than adding a rich rule allowing 0.0.0.0/0; and I don't see a way to ensure that rule is at the bottom.
Code has already been added last week to fix the reorder issue of items in a zone element when items are added to or removed from this element. This should fix the issue with changes in the order:
https://github.com/t-woerner/firewalld/commit/6bf6b97f8328e70adde8a96d716145...
Normally rules are ordered according to the action that is used in the rule into the _log, _deny and _allow chains in that zone. The chains are processed in this order, by the way.
But there is no support to change the order of rich rules, for example in the GUI and also in the command line tools. With the automatic placement in the chains I am not sure that a reordering could be done in a simple way that will also be visible in the GUI. Think about the duplication of rules, for example to be able to do logging.
Regards, Thomas
firewalld-users@lists.fedorahosted.org
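An added example (shell; not code from this thread or from the firewalld project) that models the placement Thomas describes: each rich rule is routed by its action into the zone's _log, _deny or _allow chain, and a packet walks those chains in that order, so listing order does not decide precedence. The `IN_<zone>_*` chain names follow the iptables backend's naming and are an assumption here; the rules fed in are constructed, and nothing in it needs firewalld installed.

```shell
# Added example, not code from the thread or from firewalld itself.
# It models the placement Thomas describes: a rich rule is routed by its
# action into the zone's _log, _deny or _allow chain, and the packet walks
# those chains in that order. IN_<zone>_* is the iptables backend's naming (assumption).

# rich_rule_chains ZONE RULE: prints the chain(s) the rule is copied into, log chain first.
rich_rule_chains() {
    zone=$1
    rule=" $2 "
    chains=""
    # A log or audit element duplicates the rule into the _log chain
    # (the "duplication of rules ... to do logging" from the reply).
    case $rule in
        *" log "*|*" audit "*) chains="IN_${zone}_log" ;;
    esac
    # The action decides the remaining placement.
    case $rule in
        *" accept "*)              chains="${chains:+$chains }IN_${zone}_allow" ;;
        *" reject "*|*" drop "*)   chains="${chains:+$chains }IN_${zone}_deny" ;;
    esac
    [ -n "$chains" ] || return 1
    printf '%s\n' "$chains"
}

# effective_order ZONE (rules on stdin, one per line): prints "<chain>: <rule>"
# in the order a packet actually meets the rules: all _log entries, then all
# _deny, then all _allow, each chain keeping its insertion order.
effective_order() {
    zone=$1; logc=""; denyc=""; allowc=""
    nl=$(printf '\n.'); nl=${nl%.}
    while IFS= read -r r; do
        [ -n "$r" ] || continue
        for c in $(rich_rule_chains "$zone" "$r"); do
            case $c in
                *_log)   logc="$logc$c: $r$nl" ;;
                *_deny)  denyc="$denyc$c: $r$nl" ;;
                *_allow) allowc="$allowc$c: $r$nl" ;;
            esac
        done
    done
    printf '%s%s%s' "$logc" "$denyc" "$allowc"
}

# Constructed rules: the catch-all accept is listed first, yet the drop is
# still consulted before it, because accept lands in the _allow chain.
effective_order public <<'EOF'
rule family="ipv4" source address="0.0.0.0/0" accept
rule family="ipv4" source address="10.0.0.5" log prefix="blocked " drop
EOF
```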