I have a firewalld rule that says: Rich Input Drop rule source ipset="blocked_ips" drop
The ipset contains for example 81.30.107.0/24, so that IP is supposedly blocked by firewalld. But in the fail2ban bans (which I receive daily) I see for example the IP 81.30.107.125 being banned … this should not happen as it should be blocked before by firewalld …
In the firewalld interface if I list the rules for the public zone I see the above rule plus the rules for Fail2ban. “All interfaces” is checked for “Apply rules to”, so it looks like everything should work as planned.
However, if I run a firewall-cmd --get-active-zones it returns nothing at all, it’s like the network interface is not in the public zone (although the Virtualmin interface says it is because “All interfaces” is checked) …
I was about to try:
sudo firewall-cmd --permanent --zone=public --change-interface=eno1
sudo firewall-cmd --reload
But I’m afraid this could break things … Any idea about this problem?
Thanks.
Pierre
@Steini
Ok this works as expected, I added a --permanent to make it permanent.
However there is a question:
if I click “All interfaces” the command sudo firewall-cmd --get-active-zones shows nothing
if I click “Selected interfaces” and at least one interface like “eno1”, or if I use the command sudo firewall-cmd --zone=public --change-interface=eno1, the command sudo firewall-cmd --get-active-zones shows eno1 as being part of the public zone
Now I’m wondering, “All interfaces” being the default, but sudo firewall-cmd --get-active-zones showing nothing, is the firewall really active on all interfaces with the public zone?
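The two things worth verifying on a host like this are (1) whether the address fail2ban reported, 81.30.107.125, actually falls inside the ipset entry 81.30.107.0/24, and (2) whether the interface is really bound to the public zone according to firewall-cmd --get-active-zones. The POSIX shell helpers below are an added example, not code from the thread or from Virtualmin; the ipset entry list and the active-zones output they are run against are constructed samples mirroring the thread. On a real host you would feed them the output of firewall-cmd --ipset=blocked_ips --get-entries and firewall-cmd --get-active-zones instead.

```shell
#!/bin/sh
# Added diagnostic helpers (not from the thread): check whether a banned address is
# inside a CIDR entry of the ipset, and whether an interface is actually bound to a
# zone according to "firewall-cmd --get-active-zones" output.

# Convert a dotted IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr IP CIDR -> exit 0 if IP lies inside CIDR (a bare address counts as /32).
ip_in_cidr() {
    ip=$1; net=${2%/*}; bits=${2#*/}
    [ "$net" = "$2" ] && bits=32
    mask=$(( (0xffffffff << (32 - bits)) & 0xffffffff ))
    [ $(( $(ip_to_int "$ip") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# ipset_covers IP ENTRY... -> exit 0 if any ipset entry covers IP.
ipset_covers() {
    ip=$1; shift
    for entry in "$@"; do
        ip_in_cidr "$ip" "$entry" && return 0
    done
    return 1
}

# iface_bound_to_zone ZONE IFACE < active-zones-output
# -> exit 0 if IFACE is listed on the "interfaces:" line under ZONE.
iface_bound_to_zone() {
    zone=$1; iface=$2; current=""
    while IFS= read -r line; do
        case "$line" in
            "  interfaces: "*)
                [ "$current" = "$zone" ] || continue
                for i in ${line#"  interfaces: "}; do
                    [ "$i" = "$iface" ] && return 0
                done ;;
            "  "*) ;;              # "sources:" lines are not interface bindings
            *) current=$line ;;    # an unindented line names the zone
        esac
    done
    return 1
}

# Constructed sample data mirroring the thread: the ipset holds 81.30.107.0/24
# (plus one documentation address) and fail2ban later reported 81.30.107.125.
BLOCKED_ENTRIES="81.30.107.0/24 198.51.100.9"

if ipset_covers 81.30.107.125 $BLOCKED_ENTRIES; then
    echo "81.30.107.125 is covered by the ipset: the rich rule should match it"
fi

# Constructed --get-active-zones output: empty before any interface was assigned,
# then listing eno1 under public after --change-interface=eno1.
printf '' | iface_bound_to_zone public eno1 \
    || echo "eno1 is not bound to public (empty active-zones output)"
printf 'public\n  interfaces: eno1\n' | iface_bound_to_zone public eno1 \
    && echo "eno1 is bound to public"
```

If the first check passes but the interface check fails, the drop rule is defined but the zone it lives in is not bound to the interface the traffic arrives on, which is exactly the situation where --get-active-zones prints nothing; firewall-cmd --get-default-zone then tells you which zone unbound interfaces fall into.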