Permanent Configuration for firewalld
I have two separate issues that I have not been able to figure out with the change from iptables to firewalld. Since firewalld is lightly documented the solutions are avoiding me.
1) I use openvpn to access my server from the internet. In iptables tun0 was a trusted interface to allow access to services and data. The command
2) I need to set up the nf_conntrack_netbios_ns and ip_nat_ftp helper modules in firewalld to allow ftp connections to external systems from other computers on my LAN. It looks like this is done using a firewalld service configuration file (see man firewalld.service). I will be working through this, but would like to hear from anyone that has set this up. Thanks!
One of the developers of firewalld replied back to the Bug I opened for not being able to make a permanent entry for tun0. He thought it might be configurable from within NetworkManager or /etc/sysconfig/network-scripts, but since this interface is created dynamically by openvpn it does not show up. He also suggested that I could make my default zone trusted and assign other zones to the other interfaces. I felt this could unintentionally open a hole further down the road.
I did come up with a workaround of my own. By making an ExecStartPost entry in /email@example.com for the first firewall-cmd above, I don't have to worry about executing the command manually after a restart.
|All times are GMT -5. The time now is 10:16 AM.|