SCIENTIFIC-LINUX-USERS Archives

December 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: Karel Lang AFD <[log in to unmask]>
Date: Tue, 30 Dec 2014 12:17:46 +0100

Hi,
I already installed a couple of SL7 boxes and I have to say that the
mentioned 'firewalld' is the new feature that I like the least.

What I do is, I just remove 'firewalld' and install 'iptables'. There I
know what to do and there I could help you. But not with this.
Firewalld is ugly (imho).

cheers,

-- 
*Karel Lang*
*Unix/Linux Administration*
[log in to unmask] | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz

On 12/29/2014 03:24 PM, Pat Riehecky wrote:
> This appears somewhat similar to TUV bugzilla 1112742
>
> I'm afraid I don't have a 7 system to test with at the moment, but the
> listed workaround there may be of some help.
>
> Pat
>
>
> On 12/29/2014 02:47 AM, Peter Boy wrote:
>> Hi all,
>>
>> I’m installing a new SL7 box running a KVM host and several guests. I
>> established a bridge br0 attached to eth0 for external access for host
>> and all guests and use virbr0 as an internal connection between guests
>> and host to access protected resources (e.g. a tomcat application
>> server). Everything works fine so far.
>>
>> I tried to assign the internal network devices (eth1 on guests, virbr0
>> on host) to the trusted zones using
>>
>> # firewall-cmd --permanent --zone=public --remove-interface=eth1
>> # firewall-cmd --permanent --zone=trusted --add-interface=eth1
>> # firewall-cmd --reload
>>
>> but it doesn’t work, eth1 is always in public zone after reload. If I
>> omit the --permanent option I can successfully modify the running
>> firewall. But after a reload or a reboot the modification is lost.
>>
>> I found an entry at https://bugs.centos.org/view.php?id=7526 that it
>> is a bug and SL7 might be affected as well.
>>
>> I found a workaround as well. You can add ZONE=trusted to the
>> /etc/sysconfig/network-scripts/ifcfg-eth1 file and eth1 is added to
>> the trusted zone on reboot and firewall reload.
>>
>> There is no ifcfg-virbr0 file, of course. I found information
>> (Fedora) that you may add fwzone='trusted' using virsh net-edit, but
>> on save it is deleted in SL7.
>>
>>
>>
>> My question is: Does anyone know how to accomplish it for virbr0 in SL7?
>>
>>
>>
>>
>>
>> Thanks in advance
>>
>> PB
>>
>>
>>
>>
>>
>>
>> --
>> Dr. Peter Boy
>> Universität Bremen
>> Mary-Somerville-Str. 5
>> 28359 Bremen
>> Germany
>>
>> [log in to unmask]
>> www.zes.uni-bremen.de
>>
>> ————————————————
>>
>> Are you looking for a web content management system for scientific
>> research organizations?
>> Have a look at http://www.scientificcms.org
>
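
Added example, not part of the thread: a check for the symptom described above, where an interface falls back to another zone after a reload or reboot. It compares the `ZONE=` value in each ifcfg file with the zone the running firewall reports; the function names and the sample files are constructed for illustration.

```shell
#!/bin/bash
# Added example: compare each interface's persistent firewalld zone (ZONE= in
# its ifcfg file) with the zone the running firewall reports.

# Value of the last ZONE= line in an ifcfg file, quotes stripped; empty if unset.
ifcfg_zone() {
    sed -n 's/^[[:space:]]*ZONE=//p' "$1" | tail -n 1 | tr -d "\"'[:space:]"
}

# Zone of an interface in the running firewall; "none" if it has no zone or
# firewall-cmd is not available.
runtime_zone() {
    z=$(firewall-cmd --get-zone-of-interface="$1" 2>/dev/null) && echo "$z" || echo none
}

# Audit every ifcfg-* file in a directory. Returns 1 if any interface with a
# ZONE= setting is in a different zone at runtime.
audit_zones() {
    dir=${1:-/etc/sysconfig/network-scripts}
    drift=0
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        iface=${f##*/ifcfg-}
        if [ "$iface" = lo ]; then continue; fi
        want=$(ifcfg_zone "$f")
        have=$(runtime_zone "$iface")
        if [ -z "$want" ]; then
            echo "$iface: no ZONE= set, firewall says '$have'"
        elif [ "$want" = "$have" ]; then
            echo "$iface: OK, zone '$want'"
        else
            echo "$iface: DRIFT ifcfg says '$want', firewall says '$have'"
            drift=1
        fi
    done
    return "$drift"
}

# Constructed sample directory (not taken from the thread's systems).
make_sample() {
    d=$(mktemp -d)
    printf 'DEVICE=eth0\nONBOOT=yes\n' > "$d/ifcfg-eth0"
    printf 'DEVICE=eth1\nONBOOT=yes\nZONE="trusted"\n' > "$d/ifcfg-eth1"
    echo "$d"
}

# "--demo" audits the constructed sample instead of the live system.
if [ "${1:-}" = "--demo" ]; then
    audit_zones "$(make_sample)" || true
fi
```

Sourced into a shell, `audit_zones` with no argument reads the network-scripts directory named in the thread; run after `firewall-cmd --reload` or a reboot, a DRIFT line marks an interface whose zone did not persist.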
