Article 6JS9P help with firewalld - I don't understand what I am doing wrong

by marozsas from LinuxQuestions.org on (#6JS9P)

Hi,

I am trying to replace a source IP (192.168.1.40) in the zone "trusted" with another IP (192.168.15.105), but the previous IP refuses to be removed and the new IP didn't show up, but the command says it is already in... What am I doing wrong?
Code:
```
mastodon:~ # firewall-cmd --get-zones
block dmz docker drop external home internal libvirt libvirt-routed nm-shared public trusted work
mastodon:~ # firewall-cmd --list-sources --zone=trusted
192.168.1.40
mastodon:~ # firewall-cmd --zone=trusted --remove-source=192.168.1.40 --permanent
success
mastodon:~ # firewall-cmd --list-sources --zone=trusted
192.168.1.40
mastodon:~ # firewall-cmd --zone=trusted --add-source=192.168.15.105 --permanent
success
mastodon:~ # firewall-cmd --list-sources --zone=trusted
192.168.1.40
mastodon:~ # firewall-cmd --zone=trusted --add-source=192.168.15.105 --permanent
Warning: ALREADY_ENABLED: 192.168.15.105
success
mastodon:~ # firewall-cmd --list-sources --zone=trusted
192.168.1.40
mastodon:~ #
```

PS: Never mind, I realized that `--permanent` only changes the settings for the next reload of rules, not the current one. And that `--list-sources` displays the current set of rules, which `--permanent` didn't modify! Ouch!

TL;DR: run the add/remove commands, then `systemctl reload firewalld`, and after that the listing will be updated.
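
The runtime/permanent split described in the post matters most for the `trusted` zone, which accepts all connections from its sources, so a stale address left in the runtime list stays trusted until the next reload. The script below is an added example, not part of the original post: it swaps the source and then checks that both views agree. The function names and the `FWCMD` override variable are assumptions, and it uses `firewall-cmd --reload` where the post uses `systemctl reload firewalld`.

```shell
#!/bin/sh
# Added example, not from the original post. FWCMD is an assumed override
# hook so the binary can be swapped out; it defaults to the real firewall-cmd.
FWCMD="${FWCMD:-firewall-cmd}"

# Compare a zone's runtime and permanent source lists.
# Prints one line per mismatch and returns 1 if the two sets differ.
source_drift() {
    zone="$1"
    runtime=$($FWCMD --zone="$zone" --list-sources | tr -s '[:space:]' ' ')
    permanent=$($FWCMD --permanent --zone="$zone" --list-sources | tr -s '[:space:]' ' ')
    drift=0
    for src in $runtime; do
        case " $permanent " in
            *" $src "*) ;;
            *) echo "runtime-only: $src"; drift=1 ;;
        esac
    done
    for src in $permanent; do
        case " $runtime " in
            *" $src "*) ;;
            *) echo "permanent-only: $src"; drift=1 ;;
        esac
    done
    return "$drift"
}

# Swap one source for another in the permanent config, load it into the
# runtime config, then confirm both views agree.
replace_source() {
    zone="$1"; old="$2"; new="$3"
    $FWCMD --permanent --zone="$zone" --remove-source="$old" || return 1
    $FWCMD --permanent --zone="$zone" --add-source="$new" || return 1
    $FWCMD --reload || return 1   # runtime-only changes are dropped here
    source_drift "$zone"
}

# Usage (as root): replace_source trusted 192.168.1.40 192.168.15.105
```

Run against the state shown in the transcript, before any reload, `source_drift trusted` reports 192.168.1.40 as runtime-only and 192.168.15.105 as permanent-only.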