[ale] Firewalld is incomplete
- Subject: [ale] Firewalld is incomplete
- From: jim.kinney at gmail.com (Jim Kinney)
- Date: Sat, 26 Jan 2019 21:17:15 -0500
The firewall was overdue for replacement. So when it died today, rebuilding it with all firewalld seemed to be acceptable.
The setup has a single network line to the upstream router. That line has 5 IP addresses. Those are NAT'ed into the LAN to various LAN addresses. This is done with several iptables entries for NAT and port forwarding.
But firewalld has no rule set to handle destination IP! Um. Yeah. Source IP but not destination. So how to direct packets?
Ah! Could put each ip in a zone and redirect a zone. But that doesn't work as zones are defined by interface or source IP.
:-(
It's possible to do direct rules into firewalld but those are not available to save and rerun (outside of a bash script) at boot/firewall restart.
W. T. F. ??
Rich rules don't support destination IP either.
W.
T.
F.
!?!?
So manual iptables it is with a bug notice going to firewalld devs.
Maybe there's a way to do it but 7+ hours into docs and attempts, I pulled the plug and went for what works.
--
Sent from my Android device with K-9 Mail. All tyopes are thumb related and reflect authenticity.
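As an added example that is not part of the original post: a POSIX shell helper that emits the iptables rules for the "manual iptables" setup described above, one DNAT (keyed on the public destination address) plus its FORWARD accept per published service and an SNAT so each LAN host leaves on the address it is published on, rejecting malformed mappings before anything is applied. The interface name eth0 and all addresses are assumed placeholders from documentation ranges, not the poster's network.

```shell
#!/bin/sh
# Added example, not from the original post. eth0 and every address are
# assumed placeholders; set DRY_RUN=0 to execute instead of print.
WAN_IF="eth0"

valid_ipv4() {
  # Four dotted decimal octets, each 0-255; anything else is rejected.
  echo "$1" | awk -F. 'NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

valid_port() { [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ]; }

dnat_rules() {
  # dnat_rules PUBLIC_IP PROTO PORT LAN_IP [LAN_PORT]
  # Prints the PREROUTING DNAT rule matched on destination IP and the FORWARD
  # accept it needs; returns 1 and prints nothing on a malformed argument.
  pub=$1 proto=$2 port=$3 lan=$4 lport=${5:-$3}
  valid_ipv4 "$pub" && valid_ipv4 "$lan" || return 1
  case $proto in tcp|udp) ;; *) return 1 ;; esac
  valid_port "$port" && valid_port "$lport" || return 1
  printf 'iptables -t nat -A PREROUTING -i %s -d %s -p %s --dport %s -j DNAT --to-destination %s:%s\n' \
    "$WAN_IF" "$pub" "$proto" "$port" "$lan" "$lport"
  # Without this a default-DROP FORWARD chain discards the translated packet.
  printf 'iptables -A FORWARD -i %s -d %s -p %s --dport %s -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT\n' \
    "$WAN_IF" "$lan" "$proto" "$lport"
}

snat_rule() {
  # snat_rule LAN_IP PUBLIC_IP: outbound traffic from the host uses the public
  # address it is published on, so replies line up with the DNAT mapping.
  valid_ipv4 "$1" && valid_ipv4 "$2" || return 1
  printf 'iptables -t nat -A POSTROUTING -o %s -s %s -j SNAT --to-source %s\n' "$WAN_IF" "$1" "$2"
}

apply_mappings() {
  # Reads "PUBLIC_IP PROTO PORT LAN_IP [LAN_PORT]" lines ('#' = comment) on stdin.
  while read -r pub proto port lan lport; do
    case $pub in ''|'#'*) continue ;; esac
    rules=$(dnat_rules "$pub" "$proto" "$port" "$lan" "$lport") ||
      { echo "skipping bad mapping: $pub $proto $port $lan" >&2; continue; }
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$rules"; else echo "$rules" | sh; fi
  done
}

example_mappings() {
  # Constructed sample table; the last line is deliberately malformed.
  printf '%s\n' '# public      proto port lan_host      lan_port' \
    '203.0.113.10  tcp   443  192.168.1.10' \
    '203.0.113.11  tcp   22   192.168.1.20  2222' \
    '203.0.113.999 tcp   80   192.168.1.30'
}
```

The rule bodies (everything after `iptables`) are the same arguments firewalld's direct interface takes, so the generator output can be reused if the direct route is ever preferred.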