| |
@@ -249,14 +249,18 @@
|
| |
interfaces: enp1s0
|
| |
trusted
|
| |
interfaces: vbr2s0 enp2s0
|
| |
- […]# firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o enp1s0 -j MASQUERADE
|
| |
+ […]# firewall-cmd --permanent --new-policy trustedToExt
|
| |
success
|
| |
- […]# firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i vbr2s0 -o enp2s0 -j ACCEPT
|
| |
+ […]# firewall-cmd --permanent --policy trustedToExt --add-ingress-zone trusted
|
| |
success
|
| |
- […]# firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i enp1s0 -o vbr2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
| |
+ […]# firewall-cmd --permanent --policy trustedToExt --add-egress-zone FedoraServer
|
| |
+ success
|
| |
+ […]# firewall-cmd --permanent --policy trustedToExt --set-target ACCEPT
|
| |
+ success
|
| |
+ […]# firewall-cmd --reload
|
| |
success
|
| |
----
|
| |
-
|
| |
+ More information about policy objects can be seen in here https://firewalld.org/2020/09/policy-objects-introduction
|
| |
|
| |
== Integrate libvirt's virtual interface
|
| |
In case libvirt and virualization including a virtual network for the virtual machines, libvirt installs and configures its own dnsmasq instance. In most cases it is just convenient, instead of replacing the libvirt _default_ network to integrate it in NetworkManagers dnsmasq plugin. Thus, two instances of dnsmasq operate along each other.
|
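Review bot: The removed `-o enp1s0 -j MASQUERADE` direct rule has no counterpart among the added commands, so as written the new policy only accepts forwarding from `trusted` to `FedoraServer` and does not source-NAT it. Unless masquerading is already enabled on the `FedoraServer` zone elsewhere in the document, add a step such as `firewall-cmd --permanent --policy trustedToExt --add-masquerade` before the `--reload`, and say in the text which of the two provides the NAT. It would also help to state that `FedoraServer` is the zone holding `enp1s0`, since the visible listing shows the interface but not its zone name. Minor: the added sentence "can be seen in here" reads better as "is available at", and it should keep a blank line after the closing `----` so it renders as its own paragraph.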
| |
Updated example to show the use of policies in firewalld. Based on a conversation on the GitHub issue https://github.com/firewalld/firewalld/issues/1015
and the blog post linked within that GitHub issue, here: https://firewalld.org/2020/09/policy-objects-introduction