On 09/09/2018 09:52 AM, Andrei Borzenkov wrote:
09.09.2018 16:27, James Knott wrote:
On 09/08/2018 12:15 PM, Andrei Borzenkov wrote:
Besides
a) using firewall-config
b) using firewall-(offline-)cmd
c) directly editing configuration file

I looked into all those. I didn't see any way in the firewall config.
It's not like there are thousands of menu items. It is even called - surprise - "Direct".
I didn't see any other way to launch a command when a zone is used
Direct commands are not associated with any zone. Actually they are processed before any zone configuration (except passthrough where you are supposed to know exactly what you are doing).
The idea was to create a specific network management connection that used the drop zone. I don't want it used at any other time.
I couldn't find any config file other than the zone xml file and I didn't see anything there to support it. If such is available, I certainly didn't see it documented anywhere.
man firewalld.direct
NAME
    firewalld.direct - firewalld direct configuration file

SYNOPSIS
    /etc/firewalld/direct.xml

DESCRIPTION
    Direct configuration gives a more direct access to the firewall. It requires user to know basic ip(6)tables/ebtables concepts, i.e. table (filter/mangle/nat/...), chain (INPUT/OUTPUT/FORWARD/...), commands (-A/-D/-I/...), parameters (-p/-s/-d/-j/...) and targets (ACCEPT/DROP/REJECT/...). Direct configuration should be used only as a last resort when it's not possible to use firewalld.zone(5). See also Direct Options in firewall-cmd(1).

Looks to me like it's not intended to be used with zones.