FirewallD subnet reject rule not persistent

OS type and version Debian Linux 11
Webmin version 2.013

Hi guys,

When I add a whole subnet to my FirewallD rules


sudo firewall-cmd --add-rich-rule=‘rule family=ipv4 source address= port port=0-65535 protocol=tcp reject’

all rules with ‘/number’ disappear after I restart the webmin server.

Does anybody has a solution for this?

Thank you!

I haven’t had to mess with this yet so your post got me curious.

Save active runtime configuration and overwrite permanent configuration with it. The way this is supposed to work is that when configuring firewalld you do runtime changes only and once you’re happy with the configuration and you tested that it works the way you want, you save the configuration to disk.

or you can just add --permanent to the end of the command. Don’t forget to do a
firewall-cmd --reload
to reload the changed configuration.

1 Like

Tested & approved!

You are fantastic. Thank you guys. Solved my problem with the --permanent option after the command.

If you are interested. These are the subnets I block at the moment:

Life is much calmer now. If you want to know what’s hitting your ports at the moment you can tail f.e. your mail.log with

sudo tail -f /var/log/mail.log

It is quite a relevation …

Take care: Any mailserver coming out of these IP ranges can also no more mail your domains.

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.