This appears somewhat similar to TUV bugzilla 1112742

I'm afraid I don't have 7 system to test with at the moment, but the 
listed workaround there may be of some help.

Pat


On 12/29/2014 02:47 AM, Peter Boy wrote:
> Hi all,
>
> I’m installing a new SL7 box running a KVM host and several guests. I established a bridge br0 attached to eth0 for external access for host and all guests und use virbr0 as an internal connection between guests and host to access protected resources (e.g. a tomcat application server). Anything works fine so far.
>
> I tried to assign the internal network devices (eth1 on guests, virbr0 on host) to the trusted zones using
>
> # firewall-cmd --permanent --zone=public --remove-interface=eth1
> # firewall-cmd --permanent —zone=trusted --add-interface=eth1
> # firewall-cmd —reload
>
> but it doesn’t work, eth1 is always in public zone after reload. If I omit the —permanent option I can successfully modify the running firewall. But after an reload or a reboot the modification is lost.
>
> I found an entry at https://bugs.centos.org/view.php?id=7526 that it is a bug and SL7 might be affected as well.
>
> I found a workaround as well. You can add ZONE=trusted to the /etc/sysconfig/netrwork-scripts/ifcfg-eth1 file and eth1 is added to the trusted zone on reboot and firewall reload.
>
> There is no ifcfg-virbr0 file, of course. I found an information (Fedora) that you may add fwzone=‚trusted‘ using virsh net-edit, but on save it is deleted in SL7.
>
>
>
> My question is: Does anyone know how to accomplish it for virbr0 in SL7?
>
>
>
>
>
> Thanks in advance
>
> PB
>
>
>
>
>
>
> —
> Dr. Peter Boy
> Universität Bremen
> Mary-Somerville-Str. 5
> 28359 Bremen
> Germany
>
> [log in to unmask]
> www.zes.uni-bremen.de
>
> ————————————————
>
> Are you looking for a web content management system for scientific research organizations?
> Have a look at http://www.scientificcms.org

-- 
Pat Riehecky
Scientific Linux developer

Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org