firewalld --permanent not working after service reload

MooreGuy asked:

I have a Fedora firewall that has two interfaces. When I try to do firewall-cmd --permanent --zone=external --add-interface=eno1 and then reload firewalld with firewall-cmd --reload, the interface does not seem to be added. firewall-cmd --get-active-zones shows both eno1 and eno2 sitting in the public, which is the default, zone. There is a file in /etc/firewalld/zones/external.xml:

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>External</short>
  <description>For use on external networks. You do not trust the other computers on networks to not harm
 your computer. Only selected incoming connections are accepted.</description>
  <interface name="eno1"/>
  <service name="ssh"/>
  <masquerade/>
</zone>

My answer:


Remember that if you are using NetworkManager (you almost certainly are) then the network configuration for each interface will override the firewalld configuration.

To set the firewall zone for an interface in this circumstance, be sure to add it to, e.g., /etc/sysconfig/network-scripts/ifcfg-eno1.

ZONE="external"
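
A read-only audit for the situation described in the answer above, as an added example that is not part of the original question or answer: it lists every interface that a firewalld zone file claims and checks whether the matching ifcfg file carries the same ZONE= value. The function names, the directory arguments and the sample files (including the internal zone and the eno2 settings) are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare firewalld zone XML bindings with ifcfg ZONE= lines.
# Directories are arguments so the check can run against a copy of /etc.

# Print the ZONE= value from an ifcfg file; prints nothing if unset or missing.
ifcfg_zone() {
    [ -f "$1" ] || return 0
    sed -n 's/^[[:space:]]*ZONE=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Print "zone interface" pairs declared in the zone XML files under $1.
xml_bindings() {
    for f in "$1"/*.xml; do
        [ -f "$f" ] || continue
        zone=$(basename "$f" .xml)
        sed -n 's/.*<interface name="\([^"]*\)".*/\1/p' "$f" |
            while read -r ifc; do echo "$zone $ifc"; done
    done
}

# Args: zones_dir ifcfg_dir. One line per interface bound in a zone file.
audit_zones() {
    xml_bindings "$1" | while read -r zone ifc; do
        nm_zone=$(ifcfg_zone "$2/ifcfg-$ifc")
        if [ "$nm_zone" = "$zone" ]; then
            echo "OK $ifc $zone"
        else
            echo "MISMATCH $ifc xml=$zone ifcfg=${nm_zone:-<unset>}"
        fi
    done
}

# Constructed sample tree: eno1 is bound only in external.xml, as in the
# question; eno2 (constructed) has a matching ZONE= line.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/zones" "$d/ifcfg"
    printf '<zone>\n  <interface name="eno1"/>\n  <masquerade/>\n</zone>\n' > "$d/zones/external.xml"
    printf '<zone>\n  <interface name="eno2"/>\n</zone>\n' > "$d/zones/internal.xml"
    printf 'DEVICE="eno1"\nONBOOT="yes"\n' > "$d/ifcfg/ifcfg-eno1"
    printf 'DEVICE="eno2"\nZONE="internal"\n' > "$d/ifcfg/ifcfg-eno2"
    audit_zones "$d/zones" "$d/ifcfg"
    rm -rf "$d"
}

demo
```

On a live host the call would be audit_zones /etc/firewalld/zones /etc/sysconfig/network-scripts; a MISMATCH line marks an interface that can end up in the default zone despite the zone file.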

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.