Direct passthroughs rules not removed on reload #959
Comments
Do you have |
tl;dr don't use You're using Even the man pages say you shouldn't be able to use
But, the code obviously allows it and aliases it to Lines 1888 to 1901 in 797234e
We can't fix this without potentially breaking users that rely on |
Thanks, understand, so I won't use |
Maybe in the short term we should update the man page to indicate this is an alias for |
👍🏽 |
What happened:
Removing passthroughs and doing a reload won't remove the rules.
What you expected to happen:
On reload, the rules do not appear.
How to reproduce it (as minimally and precisely as possible):
firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -o virbr0 -j ACCEPT
firewall-cmd --direct --get-all-passthroughs
firewall-cmd --permanent --direct --remove-passthrough ipv4 -I FORWARD -o virbr0 -j ACCEPT
firewall-cmd --reload
firewall-cmd --permanent --direct --remove-passthrough ipv4 -I FORWARD -o virbr0 -j ACCEPT
Anything else we need to know?:
workaround:
systemctl restart firewalld.service
Environment:
(dnf info firewalld, or commit hash if developing from git: git log -n1 --format=format:"%H"): 1.1.1
(cat /etc/firewalld/firewalld.conf | grep FirewallBackend): nftables
(cat /etc/os-release):
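An added check, not part of the original issue or of firewalld's own code: after removing a passthrough and reloading, compare its arguments against `iptables -S` output to see whether the rule is still live. The function names and the sample ruleset are constructed for illustration, and the match assumes a rule simple enough that `iptables -S` prints its options unchanged.

```shell
#!/bin/sh
# Added example: detect a direct passthrough rule that is still present in the
# live ruleset after it was removed from the permanent configuration.

# Rewrite passthrough arguments into the form `iptables -S` prints:
# "-I CHAIN [position] ..." is listed back as "-A CHAIN ...".
normalize_rule() {
    printf '%s\n' "$1" | sed -E 's/^-I +([^ ]+)( +[0-9]+)?( |$)/-A \1\3/'
}

# rule_is_live PASSTHROUGH_ARGS LIVE_RULES
# Returns 0 when the rule is still in LIVE_RULES, 1 when it is gone.
rule_is_live() {
    want=$(normalize_rule "$1")
    printf '%s\n' "$2" | grep -Fxq -e "$want"
}

# report_rule PASSTHROUGH_ARGS LIVE_RULES
# Prints a one-line verdict for use in a post-reload check.
report_rule() {
    if rule_is_live "$1" "$2"; then
        echo "STALE: $(normalize_rule "$1")"
    else
        echo "removed: $(normalize_rule "$1")"
    fi
}

# Constructed sample of `iptables -S` output taken after the reload.
# On a real host use: LIVE=$(iptables -S)
SAMPLE_LIVE='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -o virbr0 -j ACCEPT'

# The passthrough from the reproduction steps (address family omitted).
report_rule '-I FORWARD -o virbr0 -j ACCEPT' "$SAMPLE_LIVE"
```

A "STALE" verdict means the ACCEPT rule is still forwarding traffic even though the permanent configuration no longer lists it.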