Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Description of problem:
... traffic between those interfaces?
I've tried declaring "sources" but it did not affect anything in the way I'd expected.
Is this not a bug?
I expected this a natural way to forward traffic between interfaces/subnets, to put them in the same zone. I've been reading and I apologize if I still miss this - how to pass/route LAN to LAN with firewalld - this should be one liner, one option, no?
Version-Release number of selected component (if applicable):
firewalld-0.3.9-14.el7.noarch
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Additional info:
I am sorry, bit this is not natively supported by firewalld at the moment.
There is a feature request upstream to add this upstream: https://github.com/t-woerner/firewalld/issues/2
It is planned for firewalld version 0.5.
This is would be a large change to firewalld both in the user interfaces and dbus API. As such I don't think it's appropriate for RHEL-7 at this point in its life cycle.
I'm bumping this to RHEL-8. It's also heavily related to bug 1492722 (OUTPUT filtering).
Comment 14RHEL Program Management
2020-11-01 03:03:02 UTC
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release. Therefore, it is being closed. If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.
Can I ask for bit more clarification - if this is not going to be implemented - is/will there be a way/technique to forward traffic between interfaces in some orderly manner?
At the moment it seems that traffic only gets passed if ifaces are in "trusted" zone, which defeats the purpose, in my opinion at least.
(In reply to lejeczek from comment #15)
> Can I ask for bit more clarification
The feature is in upstream firewalld [1]. The feature is large enough that it will only make it's way into RHEL-8 via a package rebase. A backport is not viable. If a rebase does occur in RHEL-8, then we will reopen this bug.
[1]: https://firewalld.org/2020/09/policy-objects-introduction