I have a Fedora firewall that has two interfaces. When I try to do

    firewall-cmd --permanent --zone=external --add-interface=eno1

and then reload firewalld with

    firewall-cmd --reload

the interface does not seem to be added.

    firewall-cmd --get-active-zones

shows both eno1 and eno2 sitting in the public, which is the default, zone. There is a file in
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>External</short>
  <description>For use on external networks. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <interface name="eno1"/>
  <service name="ssh"/>
  <masquerade/>
</zone>
Remember that if you are using NetworkManager (you almost certainly are) then the network configuration for each interface will override the firewalld configuration.
To set the firewall zone for an interface in this circumstance, be sure to add it to, e.g.,
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
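The override described in the answer can be checked per interface. The script below is an added example, not part of the original question or answer: it compares the zone you intend with the zone NetworkManager will hand to firewalld. It assumes the NetworkManager profile is named after the interface (eno1); the sample values are constructed from the question.

```shell
#!/bin/sh
# Added example. NetworkManager passes each profile's connection.zone to
# firewalld when the interface is activated; an empty value means "use
# firewalld's default zone", whatever the zone XML file says.

# effective_zone NM_ZONE DEFAULT_ZONE -> zone the interface will land in
effective_zone() {
    if [ -n "$1" ]; then printf '%s\n' "$1"; else printf '%s\n' "$2"; fi
}

# check_iface IFACE WANTED NM_ZONE DEFAULT_ZONE
# Returns 0 when the interface ends up in WANTED, 1 otherwise.
check_iface() {
    iface=$1 wanted=$2 nm_zone=$3 default=$4
    actual=$(effective_zone "$nm_zone" "$default")
    if [ "$actual" = "$wanted" ]; then
        printf '%s: ok (%s)\n' "$iface" "$actual"
    else
        printf '%s: MISMATCH wanted=%s effective=%s\n' "$iface" "$wanted" "$actual"
        return 1
    fi
}

# live_nm_zone PROFILE: zone stored in a NetworkManager profile (may be empty)
live_nm_zone() {
    nmcli -g connection.zone connection show "$1"
}

if [ "${1:-}" = "--live" ]; then
    # Real system: profile name "eno1" is an assumption, adjust as needed.
    default=$(firewall-cmd --get-default-zone)
    check_iface eno1 external "$(live_nm_zone eno1)" "$default" || {
        echo "fix: nmcli connection modify eno1 connection.zone external"
        echo "     then re-activate: nmcli connection up eno1"
    }
else
    # Constructed values matching the question: no zone in the profile,
    # default zone public, so eno1 stays in public.
    check_iface eno1 external "" public || true
    # After setting connection.zone=external in the profile:
    check_iface eno1 external external public
fi
```

Run it with `--live` on the firewall host to query NetworkManager and firewalld directly.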