On 9/4/23 8:17 AM, A. F. Cano wrote:
$ sudo firewall-cmd --permanent --list-all-policies
allow-host-ipv6 (active)
priority: -15000
target: CONTINUE
ingress-zones: ANY
egress-zones: HOST
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv6" icmp-type name="neighbour-advertisement" accept
rule family="ipv6" icmp-type name="neighbour-solicitation" accept
rule family="ipv6" icmp-type name="router-advertisement" accept
rule family="ipv6" icmp-type name="redirect" accept
Please run the following commands:
$ sudo firewall-cmd --permanent --new-policy int_to_ext_fwd
$ sudo firewall-cmd --permanent --policy int_to_ext_fwd --add-ingress-zone
internal
$ sudo firewall-cmd --permanent --policy int_to_ext_fwd --add-egress-zone
external
$ sudo firewall-cmd --permanent --policy int_to_ext_fwd --set-priority 100
$ sudo firewall-cmd --permanent --policy int_to_ext_fwd --set-target ACCEPT
Then you should see the new policy listed:
$ sudo firewall-cmd --permanent --list-all-policies
allow-host-ipv6 (active)
priority: -15000
target: CONTINUE
ingress-zones: ANY
egress-zones: HOST
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv6" icmp-type name="neighbour-advertisement" accept
rule family="ipv6" icmp-type name="neighbour-solicitation" accept
rule family="ipv6" icmp-type name="router-advertisement" accept
rule family="ipv6" icmp-type name="redirect" accept
int_to_ext_fwd (active)
priority: 100
target: ACCEPT
ingress-zones: internal
egress-zones: external
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Freedombox-discuss mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/freedombox-discuss
