firewalld: adding zone and service won't work - direct rule works

asked 2016-02-05 10:33:40 -0500

tomds


On my CentOS server (example ip) I created a service called tivoli:


 <service>
   <description>tivoli backup service</description>
   <port port="1501" protocol="tcp"/>
 </service>

and a firewalld zone called tivoli:


 <zone>
   <description>tivoli adsm server</description>
   <source address=""/>
   <service name="tivoli"/>
 </zone>

and expected after a

$ firewall-cmd --reload

that I can connect from to the open and listening port 1501 on , but:

$ telnet 1501
telnet: Unable to connect to remote host: No route to host

It behaves like before defining the zone and service, although an iptables -L shows all the rules and chains that look the same as with a similar working service + zone.

In contrast, when I define a direct rule, it works as expected:

$ firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 1501 --source -j ACCEPT

and I can connect with telnet with the same command.

So what is going wrong here? Am I missing something?



Hey, so my answer was totally wrong - you were right. That's what I get for trusting the Interwebs over some testing! Drat! Anyway, I deleted it for the sake of not having misleading information up here.

So if you determined your problem was the result of overlapping zones, posting a clear explanation as your answer and accepting it would be the right thing to do. Sorry for the bad answer! Thanks for making me chase it down.

bitwiseoperator ( 2016-02-16 22:00:58 -0500 )
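An added illustration of the "overlapping zones" diagnosis the comment above points at; this is not code from the original post or from the firewalld project. In firewalld a source address belongs to exactly one zone: a second zone that binds the same address is rejected with a zone conflict at reload (firewalld logs it), so the second zone's services never apply to that client, and when two zones bind overlapping networks (a /32 in one, the enclosing /24 in another) which one a client lands in depends on rule order. The script below parses zone files in the layout firewalld keeps under /etc/firewalld/zones/<zone>.xml and reports duplicate and overlapping sources plus the zones a given client would match. The zone files, the "backup" and "lan" zones, and the 192.0.2.x addresses are all constructed for the example, since the poster's real addresses are not on the page.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import defaultdict
from itertools import combinations

# Constructed sample zone files in the layout firewalld uses under
# /etc/firewalld/zones/<zone>.xml. The addresses are documentation-range
# placeholders (192.0.2.0/24), not the poster's hosts, and the "backup" and
# "lan" zones are assumed here to reproduce an overlapping-zone setup.
SAMPLE_ZONE_FILES = {
    "tivoli.xml": """<zone>
  <short>tivoli</short>
  <description>tivoli adsm server</description>
  <source address="192.0.2.10"/>
  <service name="tivoli"/>
</zone>""",
    "backup.xml": """<zone>
  <short>backup</short>
  <source address="192.0.2.10"/>
  <service name="ssh"/>
</zone>""",
    "lan.xml": """<zone>
  <short>lan</short>
  <source address="192.0.2.0/24"/>
  <service name="ssh"/>
</zone>""",
}


def parse_zone(filename, xml_text):
    """Extract what decides which zone a packet lands in (sources) and what it
    may then reach (services). Interface, MAC and ipset bindings also exist in
    firewalld; they are out of scope here."""
    root = ET.fromstring(xml_text)
    if root.tag != "zone":
        raise ValueError(f"{filename}: root element is <{root.tag}>, expected <zone>")
    name = filename[:-4] if filename.endswith(".xml") else filename
    sources = [
        ipaddress.ip_network(s.get("address"), strict=False)
        for s in root.findall("source")
        if s.get("address")  # skips mac=/ipset= sources and an empty address=""
    ]
    services = [s.get("name") for s in root.findall("service") if s.get("name")]
    return {"name": name, "sources": sources, "services": services}


def load_zones(files):
    return [parse_zone(fn, text) for fn, text in files.items()]


def duplicate_sources(zones):
    """Sources bound verbatim in more than one zone: only one binding can win,
    the rest are rejected as a zone conflict at reload."""
    owners = defaultdict(list)
    for z in zones:
        for net in z["sources"]:
            owners[str(net)].append(z["name"])
    return {src: sorted(names) for src, names in owners.items() if len(names) > 1}


def overlapping_sources(zones):
    """Distinct but overlapping networks in different zones. Both bindings are
    accepted, so a client inside both is routed by rule order, not by intent."""
    bound = [(z["name"], net) for z in zones for net in z["sources"]]
    hits = set()
    for (za, na), (zb, nb) in combinations(bound, 2):
        if za != zb and na != nb and na.version == nb.version and na.overlaps(nb):
            hits.add(tuple(sorted([(za, str(na)), (zb, str(nb))])))
    return sorted(hits)


def zones_for_client(zones, client_ip):
    """Every zone whose sources contain client_ip; a sane config yields at most one."""
    ip = ipaddress.ip_address(client_ip)
    return sorted(z["name"] for z in zones if any(ip in net for net in z["sources"]))


def zones_exposing(zones, service):
    return sorted(z["name"] for z in zones if service in z["services"])


def diagnose(zones, client_ip, service):
    """Explain why `service` may be unreachable from `client_ip`."""
    report = []
    for src, owners in duplicate_sources(zones).items():
        report.append(f"CONFLICT: source {src} is bound in zones {owners}; only one binding can win")
    for (za, na), (zb, nb) in overlapping_sources(zones):
        report.append(f"OVERLAP: {za} ({na}) and {zb} ({nb}) both match some clients")
    matched = zones_for_client(zones, client_ip)
    winners = [z for z in matched if z in zones_exposing(zones, service)]
    if not matched:
        report.append(f"NOZONE: {client_ip} matches no source; it falls into the default zone")
    elif not winners:
        report.append(f"BLOCKED: {client_ip} lands in {matched}, none of which allows {service}")
    elif len(matched) > 1:
        report.append(f"AMBIGUOUS: {client_ip} matches {matched}; {service} is allowed only in "
                      f"{winners}, so it works only if that binding is the one that wins")
    return report


ZONES = load_zones(SAMPLE_ZONE_FILES)

if __name__ == "__main__":
    for line in diagnose(ZONES, "192.0.2.10", "tivoli"):
        print(line)
```

On a live host the same questions are answered by firewalld itself: `firewall-cmd --get-active-zones` lists every zone with its bound sources, and `firewall-cmd --get-zone-of-source=<address>` shows which single zone a client address currently belongs to; if that is not the zone carrying the new service, the zone file is not what is wrong.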