Eric Garver

I still need confirmation from someone on the Satellite team that these port changes are okay for RHEL users. @ekohl, @ehelms

I was unable to reproduce this. I created a test case using your XML from above and reload works as expected. https://github.com/erig0/firewalld/commit/1222d5343b0176f82a248de8e4b91fca40ec935d Do you have any more information that can...

Hrm. The filter has not changed since #603. Can you share some details about your topology? Any chance of asymmetric routing?

Can someone show `iptables` rules? I'm guessing wireguard is installing some iptables rules to set the fwmark.

Hrm. Nothing there. Are there nftables rules installed by wireguard? Check `nft list ruleset`. Is firewalld started before or after wireguard?

So on the return path, i.e. packets coming into the node running firewalld, there will not be a fwmark. Firewalld will do a rpfilter (fib lookup) on this packet (no...

Creating a new nftables table with this rule should do the trick. It'll apply the mark for both IPv4 and IPv6. Apply it with this: ``` # nft -f -

The rules I gave above were for the **server side** (hence why the rule used `dport`). On the **client** you likely have to use `sport` since the traffic will come...

Hrm, It looks like localsend upstream is considering changing the default port. https://github.com/localsend/protocol/issues/12 Perhaps we should hold off on adding this service. It's odd that the current port is in...

> The NetworkManager configuration should be performed in the firewall Python module, not just as part of the CLI script, as the issue is not specific to the CLI. The...