Eric Garver

Results: 181 comments by Eric Garver

This is not a bug. It doesn't make sense to use `toaddr` when the egress-zones contains `HOST`. Remove the `toaddr` and this policy will allow a forward port (really a...

Please retest. I think this works since 67e04210ebfe144377780c599c927e183f7207d2.

This sounds like a misconfiguration. Can you show `firewall-cmd --get-default-zone`? Also check the log file, `/var/log/firewalld`, for any recent errors. It's possible the service is not starting correctly.

I'm not sure what you mean by "wide open". I see you added sources to the `public` zone. If by "wide open" you mean other sources are allowed to access...

The default zone (public) is allowing `12000/tcp`. This is why it's being allowed. Any unassigned traffic, e.g. `192.168.122.0/24`, will go to `public`.

```
public (active)
  target: default
  icmp-block-inversion: no
  interfaces:...
```

> So you’re saying the Public Zone does not restrict by source address, correct?

No. Those interfaces/sources still apply. I'm saying that for all traffic this is not assigned to...

> The reverse path filter should not filter packets when there is a reverse path available on an interface, even when there is also a reverse path available on a...