I've been trying to learn the new CentOS 7 systemd and firewalld concepts over the past few days and came across this one today when rebooting my server.
I had previously set up firewalld and placed eth0 and eth1 in the dmz and internal zones respectively with the following commands:
Code:
sudo firewall-cmd --permanent --zone=public --remove-interface=eth1
sudo firewall-cmd --permanent --zone=internal --add-interface=eth1
Code:
# Inform firewall which network zone (empty means default) this interface belongs to
if [ -x /usr/bin/firewall-cmd -a "${REALDEVICE}" != "lo" ]; then
    /usr/bin/firewall-cmd --zone="${ZONE}" --change-interface="${DEVICE}" > /dev/null 2>&1
fi
I added the ZONE setting to each device's config to fix my issue for now...
But my question is, why is this done at all? The "default" ZONE value blows away the permanently set value. It seems like the script should at least check the current value of
Code:
firewall-cmd --get-zone-of-interface=eth0
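One way to catch this before a reboot does, as an added check that is not part of the original post: audit the ifcfg files for interfaces with no ZONE= line, since an empty ZONE is exactly what makes the --change-interface call above move the interface back to the default zone. The sample ifcfg contents and the temporary directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added check: flag ifcfg files with a missing or empty ZONE= setting.
# ifup-post passes ZONE straight to
#   firewall-cmd --zone="${ZONE}" --change-interface="${DEVICE}"
# and an empty ZONE moves the interface to the runtime default zone,
# undoing the --permanent binding until the next firewall-cmd --reload.

# Print the value of KEY from an ifcfg file, with surrounding quotes removed.
ifcfg_value() {
    # $1 = ifcfg file, $2 = key (e.g. DEVICE or ZONE)
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}\$/\1/p" "$1" | tail -n 1
}

# Print "DEVICE ZONE" for the file, or "DEVICE <unset>" and return 1
# when ZONE is missing or empty.
check_ifcfg() {
    dev=$(ifcfg_value "$1" DEVICE)
    zone=$(ifcfg_value "$1" ZONE)
    if [ -z "$zone" ]; then
        printf '%s <unset>\n' "$dev"
        return 1
    fi
    printf '%s %s\n' "$dev" "$zone"
}

# Constructed sample files standing in for /etc/sysconfig/network-scripts/ifcfg-*:
# eth0 has a ZONE line, eth1 (like the poster's interfaces before the fix) does not.
tmpdir=$(mktemp -d)
printf 'DEVICE=eth0\nBOOTPROTO=dhcp\nONBOOT=yes\nZONE=dmz\n' > "$tmpdir/ifcfg-eth0"
printf 'DEVICE="eth1"\nBOOTPROTO=none\nONBOOT=yes\n' > "$tmpdir/ifcfg-eth1"

for f in "$tmpdir"/ifcfg-*; do
    check_ifcfg "$f" ||
        echo "  -> add ZONE=<zone> to $f or this interface reverts to the default zone at ifup"
done
rm -rf "$tmpdir"
```

Run it against the real directory by pointing the loop at /etc/sysconfig/network-scripts/ifcfg-*; any interface reported as <unset> will lose its permanent zone binding the next time ifup runs.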