firewalld doesn't assign permanently a zone to virbr0
When I try to assign a zone other than the default to virbr0 interface, all seems to work fine. But when I restart firewalld, it goes to the default zone again. To reproduce:
[root@dino ~]# firewall-cmd --get-active-zones
work
interfaces: p8p1 wlp8s0
internal
interfaces: vnet0
public
interfaces: virbr0 virbr0-nic virbr1 virbr1-nic virbr2 virbr2-nic virbr3 vnet1 vnet2
[root@dino ~]# firewall-cmd --zone=internal --change-interface=virbr0
success
[root@dino ~]# firewall-cmd --zone=internal --change-interface=virbr0 --permanent
success
[root@dino ~]# firewall-cmd --get-active-zones
work
interfaces: p8p1 wlp8s0
internal
interfaces: virbr0 vnet0
public
interfaces: virbr0-nic virbr1 virbr1-nic virbr2 virbr2-nic virbr3 vnet1 vnet2
[root@dino ~]# systemctl restart firewalld.service
[root@dino ~]# firewall-cmd --get-active-zones
work
interfaces: p8p1 wlp8s0
internal
interfaces: vnet0
public
interfaces: virbr0 virbr0-nic virbr1 virbr1-nic virbr2 virbr2-nic virbr3 vnet1 vnet2
I saw that a patch was submited to solve this problem in 2013: https://www.redhat.com/archives/libvir-list/2013-April/msg00880.html
Am I making something wrong? As a workaround, I've put "firewall-cmd --zone=internal --change-interface=virbr0" in rc.local.
add a comment
