View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0007957 | CentOS-7 | firewalld | public | 2014-12-02 22:47 | 2014-12-02 22:47 |
Reporter | d.nando | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | sometimes |
Status | new | Resolution | open | ||
Product Version | 7.0-1406 | ||||
Summary | 0007957: firewall-cmd remove-interface command appears not to work | ||||
Description | To remove an interface from a zone, I issued the following commands: `firewall-cmd --zone=trusted --remove-interface=lo --permanent`, `firewall-cmd --reload`, `firewall-cmd --zone=trusted --list-all`. However, the interface was still associated with the zone. I then checked the XML configuration files in /etc/firewalld/zones - trusted.xml was edited and no longer contained the interface lo. I then deleted the trusted.xml file and its backup from /etc/firewalld/zones and ran `firewall-cmd --complete-reload`, but this did not clear the lo interface from the trusted zone either. Finally, I rebooted the system and this worked. The lo interface was cleared from the trusted zone. | ||||
Steps To Reproduce | 1. Add an interface to a zone using `firewall-cmd --add-interface --permanent`. 2. Remove an interface from a zone using `firewall-cmd --remove-interface --permanent`. 3. Reload the firewall using `firewall-cmd --reload`. 4. Check the state of the zone using `firewall-cmd --zone=<zone> --list-all`. | ||||
Additional Information | I have not yet tried to reproduce this multiple times. Below is a copy/paste of my terminal output that demonstrates the entire sequence of commands issued: | ||||

```
[root@CF11Test ~]# firewall-cmd --zone=trusted --add-interface=lo --permanent
success
[root@CF11Test ~]# firewall-cmd --reload
success
[root@CF11Test ~]# firewall-cmd --zone=trusted --list-all
trusted (active)
  interfaces: lo
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
[root@CF11Test ~]# firewall-cmd --zone=trusted --remove-interface=lo --permanent
success
[root@CF11Test ~]# firewall-cmd --reload
success
[root@CF11Test ~]# firewall-cmd --zone=trusted --list-all
trusted (active)
  interfaces: lo
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
[root@CF11Test ~]# firewall-cmd --zone=trusted --list-all
trusted (active)
  interfaces: lo
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
[root@CF11Test ~]# firewall-cmd --reload
success
[root@CF11Test ~]# firewall-cmd --zone=trusted --list-all
trusted (active)
  interfaces: lo
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
[root@CF11Test ~]# firewall-cmd --complete-reload
success
[root@CF11Test ~]# firewall-cmd --zone=trusted --list-all
trusted (active)
  interfaces: lo
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
[root@CF11Test ~]# firewall-cmd --zone=dmz --list-all
dmz
  interfaces:
  sources:
  services: ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
[root@CF11Test ~]# firewall-cmd --get-zone-of-interface=lo
trusted
[root@CF11Test ~]# reboot
Connection to 192.168.1.16 closed by remote host.
Connection to 192.168.1.16 closed.
basho:octopress nando$ ssh root@192.168.1.16
root@192.168.1.16's password:
Last login: Mon Dec 1 19:53:55 2014 from 192.168.1.121
[root@CF11Test ~]# firewall-cmd --get-zone-of-interface=lo
no zone
```

Tags | No tags attached. | ||||
abrt_hash | |||||
URL | |||||
Date Modified | Username | Field | Change |
---|---|---|---|
2014-12-02 22:47 | d.nando | New Issue |