On 10/12/2015 10:17 AM, Gordon Messmer wrote:
> On 10/11/2015 03:00 PM, Emmett Culley wrote:
>> I just noticed that when rebooting a CentOS 7 server the firewall comes back 
>> up with both interfaces set to REJECT, instead of the eth1 interface set to 
>> ACCEPT as defined in 'permanent' firewalld configuration files.
> 
> Rather than paraphrasing, could you show the specific rules, chains, or 
> policies you're talking about?  A standard firewalld rule set has the INPUT 
> policy set to ACCEPT, with a terminal REJECT rule.  An INPUT_ZONES table will 
> direct to an IN_public table, with log, deny, and accept rules.
> 
> Typically, the only rule that references an interface is the one in 
> INPUT_ZONES that "goto"s IN_public_allow.  It is neither REJECT nor ACCEPT, 
> so it's really hard to guess what you're seeing that you don't expect to see.
> 
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
> 

Contents of iptables INPUT_ZONE upon reboot

-----------------------------------------------
[root@dev2 ~]# iptables -nL INPUT_ZONES
Chain INPUT_ZONES (1 references)
target     prot opt in     out     source               destination         
IN_public all  -- eth0   *       0.0.0.0/0            0.0.0.0/0
IN_public all  -- eth1   *       0.0.0.0/0            0.0.0.0/0
IN_public all  -- +      *       0.0.0.0/0            0.0.0.0/0           

-----------------------------------------------

Contents of iptables INPUT_ZONE after running 'systemctl restart firewalld'

-----------------------------------------------
[root@dev2 ~]# iptables -nL INPUT_ZONES
Chain INPUT_ZONES (1 references)
target     prot opt in     out     source               destination         
IN_trusted  all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           
IN_public  all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
IN_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           

-----------------------------------------------

I expect to see the second output upon reboot.

Emmett
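
An added example, not part of the original message: a check that reads an INPUT_ZONES listing in the column layout quoted above and reports any interface whose zone differs from the expected binding, so the post-reboot drift is caught automatically. The function names and the `iface=zone` argument format are hypothetical; the sample listings are constructed from the two outputs in this message.

```shell
#!/bin/sh
# Constructed samples, copied from the two listings quoted in the message.
sample_after_reboot() { cat <<'EOF'
Chain INPUT_ZONES (1 references)
target     prot opt in     out     source               destination
IN_public  all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
IN_public  all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
IN_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0
EOF
}
sample_after_restart() { cat <<'EOF'
Chain INPUT_ZONES (1 references)
target     prot opt in     out     source               destination
IN_trusted  all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
IN_public  all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
IN_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Read a listing on stdin, print one "iface zone" pair per IN_<zone> rule.
# Assumes the layout shown in the message: target prot opt in out ...
zone_map() {
  awk '$1 ~ /^IN_/ && $3 == "--" { sub(/^IN_/, "", $1); print $4, $1 }'
}

# Usage: <listing> | check_zones eth0=public eth1=trusted
# Prints one DRIFT line per mismatch; exit status is non-zero on any drift.
# The body runs in a subshell so its variables do not leak to the caller.
check_zones() (
  listing=$(zone_map)
  rc=0
  for pair in "$@"; do
    iface=${pair%%=*}
    want=${pair#*=}
    got=$(printf '%s\n' "$listing" | awk -v i="$iface" '$1 == i { print $2; exit }')
    # No explicit rule: the interface falls through to the "+" wildcard rule.
    [ -n "$got" ] || got=$(printf '%s\n' "$listing" | awk '$1 == "+" { print $2; exit }')
    if [ "$got" != "$want" ]; then
      echo "DRIFT: $iface is in zone '${got:-none}', expected '$want'"
      rc=1
    fi
  done
  [ "$rc" -eq 0 ]
)

# Demo on the constructed post-reboot sample; on a live host, pipe in
# the output of: iptables -nL INPUT_ZONES
sample_after_reboot | check_zones eth0=public eth1=trusted || true
```

Run from a post-boot unit or cron job, the non-zero exit status can drive an alert when an interface comes up in a less restrictive or more restrictive zone than intended.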
