On Jun 19, 2023, at 09:08, Amadeus WM via users <users@lists.fedoraproject.org> wrote:
>
> So after digging a bit more into this,
>
> firewall-cmd --get-active-zone
> FedoraWorkstation
>   interfaces: enp8s0
> docker
>   interfaces: docker0
>
> firewall-cmd --get-default-zone
> FedoraWorkstation
>
> firewall-cmd --permanent --add-rich-rule="rule family='ipv4' protocol value="tcp" destination address='aa.bb.0.0/16' reject"
>
> This shows in
>
> firewall-cmd --list-all   # FedoraWorkstation (active)
>
> as well as in nft:
>
> nft list ruleset
>
>     chain filter_IN_FedoraWorkstation_deny {
>         ip daddr a.b.0.0/16 meta l4proto tcp reject with icmp port-unreachable
>     }
>
> but it doesn't show in iptables at all.
>
> So I suppose the rule got inserted properly, but why does it not do
> anything?

If you are basing your conclusion on the output of iptables, you should know that iptables in Fedora is just another front end to nft, and it doesn’t show all the nft rulesets. It’s just there for backwards compatibility.

--
Jonathan Billings