Hi all,
I’m installing a new SL7 box running a KVM host and several guests. I established a bridge br0 attached to eth0 for external access for host and all guests and use virbr0 as an internal connection between guests and host to access protected resources (e.g. a tomcat application server). Everything works fine so far.
I tried to assign the internal network devices (eth1 on guests, virbr0 on host) to the trusted zones using
# firewall-cmd --permanent --zone=public --remove-interface=eth1
# firewall-cmd --permanent --zone=trusted --add-interface=eth1
# firewall-cmd --reload
but it doesn’t work; eth1 is always in the public zone after reload. If I omit the --permanent option I can successfully modify the running firewall. But after a reload or a reboot the modification is lost.
I found an entry at https://bugs.centos.org/view.php?id=7526 that it is a bug and SL7 might be affected as well.
I found a workaround as well. You can add ZONE=trusted to the /etc/sysconfig/network-scripts/ifcfg-eth1 file and eth1 is added to the trusted zone on reboot and firewall reload.
There is no ifcfg-virbr0 file, of course. I found information (Fedora) that you may add fwzone='trusted' using virsh net-edit, but on save it is deleted in SL7.
My question is: Does anyone know how to accomplish it for virbr0 in SL7?
Thanks in advance
PB
--
Dr. Peter Boy
Universität Bremen
Mary-Somerville-Str. 5
28359 Bremen
Germany
www.zes.uni-bremen.de
————————————————
Are you looking for a web content management system for scientific research organizations?
Have a look at http://www.scientificcms.org
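
The ZONE= workaround described in the message above, as an added example that is not part of the original post: a shell sketch that sets the zone in an ifcfg file idempotently and lists which zone each file pins its interface to. The function names and the sample files are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: the ZONE= workaround from the post, applied idempotently,
# plus a listing of which zone each ifcfg file pins its interface to.

# set_ifcfg_zone FILE ZONE: replace or append the ZONE= line in FILE.
set_ifcfg_zone() {
    file=$1 zone=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Assumption: accept only a conservative character set for zone names.
    case $zone in
        ''|*[!A-Za-z0-9_-]*) echo "bad zone name: $zone" >&2; return 1 ;;
    esac
    tmp=$(mktemp) || return 1
    # Drop every existing ZONE= line, then append exactly one.
    awk '!/^[ \t]*ZONE=/' "$file" > "$tmp" \
        && printf 'ZONE=%s\n' "$zone" >> "$tmp" || { rm -f "$tmp"; return 1; }
    # Writing through the original inode keeps owner, mode and SELinux label.
    cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"
    return $rc
}

# get_ifcfg_zone FILE: print the pinned zone (quotes stripped), empty if none.
get_ifcfg_zone() {
    awk -F= -v q="'" '/^[ \t]*ZONE=/ { z = $2; gsub(/[ \t"]/, "", z); gsub(q, "", z) }
        END { print z }' "$1"
}

# audit_zones DIR: one "interface zone" line per ifcfg file; files without
# ZONE= fall back to firewalld's default zone.
audit_zones() {
    for f in "$1"/ifcfg-*; do
        [ -f "$f" ] || continue
        z=$(get_ifcfg_zone "$f")
        printf '%s %s\n' "${f##*/ifcfg-}" "${z:-(default)}"
    done
}

# Constructed sample files in a scratch directory; on a real host DIR would be
# /etc/sysconfig/network-scripts, followed by firewall-cmd --reload.
demo() {
    d=$(mktemp -d) || return 1
    printf 'DEVICE=eth0\nONBOOT=yes\n' > "$d/ifcfg-eth0"
    printf 'DEVICE=eth1\nONBOOT=yes\nZONE="public"\n' > "$d/ifcfg-eth1"
    set_ifcfg_zone "$d/ifcfg-eth1" trusted
    audit_zones "$d"
    rm -rf "$d"
}
demo
```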