Good day all, I have been trying to manage the egress traffic with firewalld and haven't been successful.
I created a firewalld policy with the following:

  ingress zone: dmz
  egress zone: drop

For the dmz zone the source IP address is assigned while the interface is assigned to drop. My understanding is that the ingress zone is traffic that affects the input chain while the egress is traffic on the output chain. The policy shows active; however, traffic is still permitted in both directions. Below are examples of the policy and zones respectively.

test (active)
  priority: -1
  target: DROP
  ingress-zones: dmz
  egress-zones: drop
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

dmz (active)
  target: default
  ingress-priority: 0
  egress-priority: 0
  icmp-block-inversion: no
  interfaces:
  sources: 192.168.10.20
  services:
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

drop (default, active)
  target: DROP
  ingress-priority: 0
  egress-priority: 0
  icmp-block-inversion: no
  interfaces: eno2
  sources:
  services:
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Am I missing something? Any guidance would be truly appreciated.

--
Kind Regards
Earl Ramirez