Questions[firewalld](server)

As far as I know, there are 2 main ways to add rules in firewalld, normal "zone" rules and rich-rules. Also, I understand that when we set target="DROP, all new incoming connections will be dropped unless we add rules to allow selected incoming traffic.

I want to ask is there any standard pattern in which the firewalld rules will be applied to an incoming packet when we add new rules using regular zone rules vs rich-rules?

For example, is this the order in which firewalld rules will always be applied:

1. Normal rules
2. Rich rules
3. Default drop policy rule

I'm on a red hat 7 machine, and I need to open all ports to a specific IP on the firewall.

I tried this command:

firewall-cmd --permanent --zone=public --add-rich-rule='   rule family="ipv4"   source address="64.39.96.0/20"   port protocol="tcp" port="*" accept'

But I'm getting an invalid port error for the *

Does anyone know and can tell me how to do this correctly?

I'm trying to setup an IPv6 web-server on CentOS 7.2 with NGINX. I have tested my IPv6 connectivity outgoing and incoming - everything works. My IP, AAAA records, etc as fine as well. Essentially everything is OK until I enable FirewallD.

I have it set up to default to the drop zone with eth0 interface. I have enabled dhcpv6-client, http, https and ssh (ssh is on a custom port). When the firewall is enabled no IPv6 traffic can leave or enter the machine. Traceroute6 to anything (even the gateway) only goes to localhost. If I disable the firewall, it's all good.

I have no idea why this is happening. I couldn't find anything online in order to make FirewallD apply the same IPv4 config to the IPv6 traffic. I personally thought, it would do that automatically, as all of its commands are IP protocol agnostic.

Any help is much appreciated.

When running

[root@host ~]# firewall-cmd --get-active-zones
[root@host ~]#
[root@host ~]# firewall-cmd --get-default-zone
public

I am not getting any active zones. How can I activate a zone?

I have added many rich rule with something like this:

 firewall-cmd --permanent --zone="thezone" --add-rich-rule='rule family=ipv4 source address=1.2.3.4 reject'

And now I would like to clear/remove all those rich rules in my "thezone" zone.

Also y try to remove line for line with :

 firewall-cmd --permanent --zone="thezone" --remove-rich-rule='rule family=ipv4 source address=1.2.3.4 reject'

or

 firewall-cmd --permanent --zone="thezone" --remove-rich-rule='rule family=ipv4 source address=1.2.3.4 accept'

or

 firewall-cmd --permanent --zone="thezone" --add-rich-rule='rule family=ipv4 source address=1.2.3.4 accept'

with the firewall-cmd --reload and still haven't succeed.

Can Anyone tell me how to clear all or tell what i'm doing wrong with one by one method?