New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to commit runtime zone change to config #890
Comments
…anent It fails to write a runtime zone change to the permanent config: firewalld/firewalld#890
…anent It fails to write a runtime zone change to the permanent config: firewalld/firewalld#890
…anent It fails to write a runtime zone change to the permanent config: firewalld/firewalld#890
…anent It fails to write a runtime zone change to the permanent config: firewalld/firewalld#890
…anent It fails to write a runtime zone change to the permanent config: firewalld/firewalld#890
Are you using NetworkManager? Did you previously assign
|
No.
Yep, implicitly by the system installation:
I just checked the state of the configuration files after running the commands: |
…anent It fails to write a runtime zone change to the permanent config: firewalld/firewalld#890
Looks like we should be moving the interface regardless of the existing permanent configuration. firewalld/src/firewall/server/config_zone.py Lines 219 to 224 in 0a910f3
I'll have to investigate this area to make sure it's safe to make said change. |
As long as it correctly removes the old zone assignment that should be fine FWICT - otherwise the runtime configuration would be broken as well. |
It's a bit more complicated due to NetworkManager and ifcfg files. Since the config move from runtime to permanent it needs to be determined which of those should be updated.
Of course, we also need to deal with removal from the old zone. |
After adding a custom zone and moving an interface to it, which was previously by default in the
public
zone,--runtime-to-permanent
fails.How to reproduce it (as minimally and precisely as possible):
The journal shows:
The full firewalld log with
--debug=1
is attached: firewalld.logI added the conflicting zone to the exception message, so it's visible that during copy of the
my-external
zone, the check for duplication fails becauseens4
is still assigned to thepublic
zone.Anything else we need to know?:
Environment:
cat /etc/firewalld/firewalld.conf | grep FirewallBackend
): nftablescat /etc/os-release
): openSUSE Tumbleweed 20211124The text was updated successfully, but these errors were encountered: