Bug 1367528
Summary: | RFE: Allow filtering in the FORWARD chain | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | lejeczek <peljasz> |
Component: | firewalld | Assignee: | Eric Garver <egarver> |
Status: | CLOSED WONTFIX | QA Contact: | qe-baseos-daemons |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 8.0 | CC: | atragler, egarver, rkhan, sukulkar, todoleza |
Target Milestone: | rc | Keywords: | FutureFeature, Upstream |
Target Release: | 8.1 | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-11-01 03:03:02 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1682341, 1872702 | ||
Bug Blocks: | 1160348 |
Description
lejeczek
2016-08-16 16:21:16 UTC
I am sorry, bit this is not natively supported by firewalld at the moment. There is a feature request upstream to add this upstream: https://github.com/t-woerner/firewalld/issues/2 It is planned for firewalld version 0.5. bump to 7.7.0 This is would be a large change to firewalld both in the user interfaces and dbus API. As such I don't think it's appropriate for RHEL-7 at this point in its life cycle. I'm bumping this to RHEL-8. It's also heavily related to bug 1492722 (OUTPUT filtering). After evaluating this issue, there are no plans to address it further or fix it in an upcoming release. Therefore, it is being closed. If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened. Can I ask for bit more clarification - if this is not going to be implemented - is/will there be a way/technique to forward traffic between interfaces in some orderly manner? At the moment it seems that traffic only gets passed if ifaces are in "trusted" zone, which defeats the purpose, in my opinion at least. (In reply to lejeczek from comment #15) > Can I ask for bit more clarification The feature is in upstream firewalld [1]. The feature is large enough that it will only make it's way into RHEL-8 via a package rebase. A backport is not viable. If a rebase does occur in RHEL-8, then we will reopen this bug. [1]: https://firewalld.org/2020/09/policy-objects-introduction |