You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
By default, NetworkManager is assuming partial ownership of eth0:
# nmcli dev
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected System eth0
lo loopback unmanaged --
NetworkManager will tell firewalld what zone to use but firewalld won't tell NetworkManager. Upon applying salt states that update the default zone via firewalld, the active firewall state will change. However, at reboot, NetworkManager will revert the default zone. Need add logic to either:
Wholly disable [expletive-deleted] NetworkManager
Disable NetworkManager's management of the default interface (set NM_CONTROLLED to "false" in the /etc/sysconfig/network-scripts/ifcfg-<IF> file)
Ensure that the equivalent of a nmcli connection modify "System eth0" connection.zone drop is run concurrent to the firewalld commands
Down-side to 2nd and 3rd options is that the default interface can vary depending on deployment-type (most cases will be eth0 [2nd bullet] or System eth0 [3rd bullet] but not all cases [mostly physical hosts and some virtalization platforms - like VirtualBox])
The text was updated successfully, but these errors were encountered:
By default, NetworkManager is assuming partial ownership of eth0:
NetworkManager will tell firewalld what zone to use but firewalld won't tell NetworkManager. Upon applying salt states that update the default zone via firewalld, the active firewall state will change. However, at reboot, NetworkManager will revert the default zone. Need add logic to either:
NM_CONTROLLEDto"false"in the/etc/sysconfig/network-scripts/ifcfg-<IF>file)nmcli connection modify "System eth0" connection.zone dropis run concurrent to the firewalld commandsDown-side to 2nd and 3rd options is that the default interface can vary depending on deployment-type (most cases will be
eth0[2nd bullet] orSystem eth0[3rd bullet] but not all cases [mostly physical hosts and some virtalization platforms - like VirtualBox])The text was updated successfully, but these errors were encountered: