View Issue Details

ID: 0007957
Project: CentOS-7
Category: firewalld
View Status: public
Last Update: 2014-12-02 22:47
Reporter: d.nando
Assigned To:
Priority: normal
Severity: minor
Reproducibility: sometimes
Status: new
Resolution: open
Product Version: 7.0-1406
Summary: 0007957: firewall-cmd remove-interface command appears not to work

Description

To remove an interface from a zone, I issued the following commands:

firewall-cmd --zone=trusted --remove-interface=lo --permanent
firewall-cmd --reload
firewall-cmd --zone=trusted --list-all

However, the interface was still associated with the zone.

I then checked the xml configuration files in /etc/firewalld/zones - trusted.xml was edited and no longer contained the interface lo. I then deleted the trusted.xml file and its backup from /etc/firewalld/zones and ran firewall-cmd --complete-reload, but this did not clear the lo interface from the trusted zone either.

Finally, I rebooted the system and this worked. The lo interface was cleared from the trusted zone.

Steps To Reproduce

Add an interface to a zone using firewall-cmd --add-interface --permanent
Remove an interface from a zone using firewall-cmd --remove-interface --permanent
Reload the firewall using firewall-cmd --reload
Check the state of the zone using firewall-cmd --zone=<zone> --list-all

Additional Information

I have not yet tried to reproduce this multiple times. Below is a copy/paste of my terminal output that demonstrates the entire sequence of commands issued.

[root@CF11Test ~]# firewall-cmd --zone=trusted --add-interface=lo --permanent
success
[root@CF11Test ~]# firewall-cmd --reload
success
[root@CF11Test ~]# firewall-cmd --zone=trusted --list-all
trusted (active)
  interfaces: lo
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
    
[root@CF11Test ~]# firewall-cmd --zone=trusted --remove-interface=lo --permanent
success
[root@CF11Test ~]# firewall-cmd --reload
success
[root@CF11Test ~]# firewall-cmd --zone=trusted --list-all
trusted (active)
  interfaces: lo
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
    
[root@CF11Test ~]# firewall-cmd --zone=trusted --list-all
trusted (active)
  interfaces: lo
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
    
[root@CF11Test ~]# firewall-cmd --reload
success
[root@CF11Test ~]# firewall-cmd --zone=trusted --list-all
trusted (active)
  interfaces: lo
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
    
[root@CF11Test ~]# firewall-cmd --complete-reload
success
[root@CF11Test ~]# firewall-cmd --zone=trusted --list-all
trusted (active)
  interfaces: lo
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
    
[root@CF11Test ~]# firewall-cmd --zone=dmz --list-all
dmz
  interfaces:
  sources:
  services: ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
    
[root@CF11Test ~]# firewall-cmd --get-zone-of-interface=lo
trusted
[root@CF11Test ~]# reboot
Connection to 192.168.1.16 closed by remote host.
Connection to 192.168.1.16 closed.
basho:octopress nando$ ssh root@192.168.1.16
root@192.168.1.16's password:
Last login: Mon Dec 1 19:53:55 2014 from 192.168.1.121
[root@CF11Test ~]# firewall-cmd --get-zone-of-interface=lo
no zone

Tags: No tags attached.

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2014-12-02 22:47 d.nando New Issue
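
A check for the condition this report describes, where a zone's runtime interface list disagrees with its permanent configuration. This is an added example, not part of the original report or of firewalld; the function name `zone_interface_drift` and the `FWCMD` override are assumptions of this example.

```shell
#!/bin/sh
# FWCMD (assumption of this example) lets a stub replace firewall-cmd in tests.
FWCMD="${FWCMD:-firewall-cmd}"

# Compare the runtime and permanent interface bindings of zone $1.
# Prints one line per mismatch; returns 0 if they agree, 1 on drift,
# 2 if firewall-cmd itself failed.
zone_interface_drift() {
    zone="$1"
    runtime=$($FWCMD --zone="$zone" --list-interfaces) || return 2
    permanent=$($FWCMD --permanent --zone="$zone" --list-interfaces) || return 2
    drift=0
    # Interfaces still bound in the running firewall but absent from the
    # permanent configuration (the state shown in the terminal output above).
    for ifc in $runtime; do
        case " $permanent " in
            *" $ifc "*) ;;
            *) echo "runtime-only: $ifc (zone $zone)"; drift=1 ;;
        esac
    done
    # Interfaces configured permanently but not yet active at runtime.
    for ifc in $permanent; do
        case " $runtime " in
            *" $ifc "*) ;;
            *) echo "permanent-only: $ifc (zone $zone)"; drift=1 ;;
        esac
    done
    return "$drift"
}

# Stand-alone use: pass zone names as arguments (for example: trusted dmz).
if [ "$#" -gt 0 ]; then
    status=0
    for z in "$@"; do
        zone_interface_drift "$z" || status=$?
    done
    exit "$status"
fi
```

A non-zero exit after a `--permanent` change followed by `--reload` means the running firewall does not yet match the saved zone files, which matters most for permissive zones such as trusted.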