firewalld in RHEL9 - do I have to whitelist sources on public zone now?

We've just built our first webserver on RHEL9 (Alma Linux 9.1), being used to RHEL 7 (CentOS 7) mostly.

The firewalld config all seems the same, but when setting up our usual security setup of:

https (service) through the public zone, and then adding more sensitive remote services (ssh, mysql, cockpit) through the work zone, with a whitelist of sources.

However, this setup as we normally have it on RHEL 7 wouldn't allow any https traffic through the public zone unless a source was explicitly whitelisted.

As a short-term fix, I've added 0.0.0.0/0 as a source to the public zone, but that's not IPv6 compatible, and I can't see anything in the firewalld documentation for RHEL 9 that implies this is necessary. I was under the assumption that the public zone was set to all sources until you start whitelisting them.

Can anyone either confirm that firewalld is now specifically requiring this kind of explicit opening of sources, or point out something else I might have missed?
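
Added example, not part of the original post: firewalld selects a zone by source binding first, then by the interface the packet arrived on, then falls back to the default zone, so one check for the setup described above is which zone actually owns the web-facing interface. The shell functions below parse the text printed by `firewall-cmd --get-active-zones`; the function names, sample output, interface name and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: which zone handles traffic from a source that is NOT whitelisted?
# Live use (both are real firewall-cmd options):
#   firewall-cmd --get-active-zones | \
#     zone_for_unlisted_source eth0 "$(firewall-cmd --get-default-zone)"

# zone_bindings: reads `--get-active-zones` text on stdin and prints one line
# per zone: "<zone> interfaces=<list|-> sources=<list|->"
zone_bindings() {
    awk '
        function emit() {
            if (zone != "")
                print zone, "interfaces=" (ifs == "" ? "-" : ifs), "sources=" (srcs == "" ? "-" : srcs)
        }
        # Drop the "interfaces:"/"sources:" label and comma-join the values.
        function rest() { $1 = ""; sub(/^ +/, ""); gsub(/ +/, ","); return $0 }
        /^[^ \t]/           { emit(); zone = $1; ifs = ""; srcs = ""; next }
        $1 == "interfaces:" { ifs = rest(); next }
        $1 == "sources:"    { srcs = rest(); next }
        END { emit() }'
}

# zone_for_unlisted_source IFACE DEFAULT_ZONE
# Prints the zone that receives a packet arriving on IFACE from an address
# matching no source binding: the zone bound to IFACE, else the default zone.
zone_for_unlisted_source() {
    iface=$1
    default=$2
    zone_bindings | awk -v want="$iface" -v def="$default" '
        {
            sub(/^interfaces=/, "", $2)
            n = split($2, a, ",")
            for (i = 1; i <= n; i++)
                if (a[i] == want) { print $1; found = 1; exit }
        }
        END { if (!found) print def }'
}

# Constructed sample: public owns eth0, work matches only whitelisted sources.
SAMPLE='public
  interfaces: eth0
work
  sources: 203.0.113.0/24 2001:db8::/32'

printf '%s\n' "$SAMPLE" | zone_bindings
printf 'unlisted sources on eth0 -> zone: %s\n' \
    "$(printf '%s\n' "$SAMPLE" | zone_for_unlisted_source eth0 public)"
```

If the zone reported for the web-facing interface is not `public`, the https service opened in `public` is not what unlisted clients are evaluated against.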
