Firewalld command line doesn't list the correct active zone

Reksio · 08-20-2017, 01:57 PM

Hi,

From what I understand to change the active zone in Firewalld through firewall-cmd you have to issue a command

Code:

firewall-cmd --zone=external --add-interface=wlp2s0

And after I click enter and run the command I see this, confirming that the zone has been changed:

Code:

The interface is under control of NetworkManager, setting zone to 'external'.
success

The problem is, when I list the active zone it is still "drop" (my current default zone) and when I "list all" I see that:

Code:

drop (active)
  target: DROP
  icmp-block-inversion: no
  interfaces: wlp2s0
  sources: 
  services: 
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:

This naturally leads me to believe that the zone was not in fact changed to external and is still drop, meaning that the command didn't work properly... However, when I open the Firewalld applet, the current zone is actually "external" now, so I guess that the command line doesn't list the right active zone for some reason.

Someone told me that before doing the "--add-interface" I need to first drop the interface from the default zone, but that doesn't actually change anything.

Any help is appreciated!

tshikose · 08-20-2017, 04:16 PM

Use this

Code:

firewall-cmd --set-default-zone=external

Reksio · 08-20-2017, 04:19 PM

That will change the default zone, meaning that if I have more interfaces they will all be placed in that zone. I want just one interface to change zones.

Unless I'm mistaken...?

tshikose · 08-21-2017, 03:48 AM

Basically, yes. New interfaces will be placed in that zone.
You better search for good tutorial on NetworkManager and firewalld, to get you informed.