Bug 1367528

Summary: RFE: Allow filtering in the FORWARD chain
Product: Red Hat Enterprise Linux 8 Reporter: lejeczek <peljasz>
Component: firewalldAssignee: Eric Garver <egarver>
Status: CLOSED WONTFIX QA Contact: qe-baseos-daemons
Severity: medium Docs Contact:
Priority: medium    
Version: 8.0CC: atragler, egarver, rkhan, sukulkar, todoleza
Target Milestone: rcKeywords: FutureFeature, Upstream
Target Release: 8.1   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-01 03:03:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1682341, 1872702    
Bug Blocks: 1160348    

Description lejeczek 2016-08-16 16:21:16 UTC 
Description of problem:

... traffic between those interfaces?
I've tried declaring "sources" but it did not affect anything in the way I'd expected.
Is this not a bug?

I expected this a natural way to forward traffic between interfaces/subnets, to put them in the same zone. I've been reading and I apologize if I still miss this - how to pass/route LAN to LAN with firewalld - this should be one liner, one option, no?

Version-Release number of selected component (if applicable):

firewalld-0.3.9-14.el7.noarch

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Thomas Woerner 2016-09-02 13:15:35 UTC 
I am sorry, bit this is not natively supported by firewalld at the moment.

There is a feature request upstream to add this upstream: https://github.com/t-woerner/firewalld/issues/2

It is planned for firewalld version 0.5.
Comment 5 Eric Garver 2018-06-06 15:47:03 UTC 
bump to 7.7.0
Comment 6 Eric Garver 2018-11-16 18:48:17 UTC 
This is would be a large change to firewalld both in the user interfaces and dbus API. As such I don't think it's appropriate for RHEL-7 at this point in its life cycle.

I'm bumping this to RHEL-8. It's also heavily related to bug 1492722 (OUTPUT filtering).
Comment 14 RHEL Program Management 2020-11-01 03:03:02 UTC 
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.
Comment 15 lejeczek 2020-11-06 19:50:50 UTC 
Can I ask for bit more clarification - if this is not going to be implemented - is/will there be a way/technique to forward traffic between interfaces in some orderly manner?
At the moment it seems that traffic only gets passed if ifaces are in "trusted" zone, which defeats the purpose, in my opinion at least.
Comment 16 Eric Garver 2020-11-07 13:59:28 UTC 
(In reply to lejeczek from comment #15)
> Can I ask for bit more clarification

The feature is in upstream firewalld [1]. The feature is large enough that it will only make it's way into RHEL-8 via a package rebase. A backport is not viable. If a rebase does occur in RHEL-8, then we will reopen this bug.

[1]: https://firewalld.org/2020/09/policy-objects-introduction