
My issue is that when I try to remove an interface from the public (default) zone, I get an error:

```
firewall-cmd --zone=public --remove-interface=eth0 --permanent
The interface is under control of NetworkManager and already bound to the default zone.
The interface is under control of NetworkManager, setting zone to default.
success
```

Public zone configuration:

```
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
```

When I stop NetworkManager, it allows me to remove it. However, when I start NetworkManager again and restart firewalld, the interface eth0 is back in the public zone.

Rayleigh
JohnyFailLab
  • In theory you fix this by `nmcli connection modify eth0 connection.zone work` (or whatever zone to put it in) – aredridel Apr 08 '20 at 21:43
  • Same problem here; the nmcli command from @aredridel sadly didn't work... – sebelk Dec 29 '20 at 14:17
  • Just in case: something like `firewall-cmd --change-interface=lxcbr0 --zone=lxc --permanent` worked for me. – sebelk Dec 29 '20 at 14:30

1 Answer


I've run into this several times before; nmcli does not want to let you remove an interface from a zone. What it will allow is for you to move it:

```
nmcli con mod blah connection.zone internal
```

which at least gets it out of the zone you want to leave.

Then you can either turn down the interface with nmcli or go right to

```
/etc/sysconfig/network-scripts/ifcfg-emx
```

and toggle

```
ONBOOT=no
```

and completely remove the line

```
ZONE=whatev
```

then it's:

```
systemctl restart network
```

and voilà, it's gone from the firewall and nmcli doesn't care what happened.

This is for old guys used to the good old days of CentOS 4 & 5. I'm thinking there is probably a way to do it all in nmcli, but I haven't figured it out yet; maybe some other learned individual could advise.


Greenonline
sharpy1064
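The ifcfg edit from the answer above (set `ONBOOT=no`, delete the `ZONE=` line) as a small shell helper that keeps a backup and copes with quoted values, duplicate keys and a missing `ONBOOT=` line. This is an added example, not part of the original answer; the function names and the sample file contents are constructed for illustration, and the network restart the answer performs afterwards is left out.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Write a constructed sample ifcfg file to the given path.
make_sample_ifcfg() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host's configuration
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
ZONE="public"
EOF
}

# Print the last value of KEY in FILE with surrounding quotes stripped;
# prints nothing when the key is absent.
ifcfg_get() {
    sed -n "s/^[ 	]*$1=//p" "$2" | tail -n 1 |
        sed "s/^[\"']//; s/[\"'][ 	]*\$//"
}

# Apply the answer's edit: ONBOOT=no, every ZONE= line removed.
# The original is kept as FILE.bak. The result is written back with
# `cat >` so the file keeps its inode, mode and SELinux context.
ifcfg_unbind_zone() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp) || return 1
    awk '
        /^[ \t]*ZONE=/   { next }                      # drop the zone binding
        /^[ \t]*ONBOOT=/ { if (!done) { print "ONBOOT=no"; done = 1 } next }
        { print }
        END { if (!done) print "ONBOOT=no" }          # key was absent: append
    ' "$file.bak" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Running `ifcfg_unbind_zone` on a copy first and diffing it against the `.bak` file shows exactly which lines change before the real file is touched.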