Description of problem:
According to the documentation (both dbus api and man), an empty zone parameter should result in selection of the DEFAULT zone. But there is a difference when removing sources.

Example:
> [root@localhost firewalld]# firewall-cmd --get-default-zone
> public
> [root@localhost firewalld]# firewall-cmd --zone="home" --add-source="192.168.0.1"
> success
> [root@localhost firewalld]# firewall-cmd --zone="" --remove-source="192.168.0.1"
> success
> [root@localhost firewalld]# firewall-cmd --zone="home" --add-source="192.168.0.1"
> success
> [root@localhost firewalld]# firewall-cmd --zone="public" --remove-source="192.168.0.1"
> Error: ZONE_CONFLICT

According to the documentation, both cases should end the same way, but they don't. When I remove a source with an empty zone, the zone which actually contains this source is selected, and not the default zone. This doesn't apply to the other methods in the zone interface, because they can be added to every zone without restriction, but a source is unique and it is handled in other ways.

Version-Release number of selected component (if applicable):
firewalld-0.3.10-4.fc21.noarch

How reproducible:
deterministic
This applies to --remove-interface too, and the reason is this commit:
https://git.fedorahosted.org/cgit/firewalld.git/commit/?id=cc3101ab70a3997228be7bc9f45a069c7fccfa36

Will it be OK if I explain it in the firewall-cmd/firewalld.dbus man pages? Like:
If zone is omitted (empty), the interface is removed from zone it belongs to.
(In reply to Jiri Popelka from comment #1)
> like:
> If zone is omitted (empty), the interface is removed from zone it belongs to.

Or perhaps remove the [--zone=zone] from the man page altogether. It'll still be possible for backward compatibility, but will be undocumented, because it's not needed.

like:
[--permanent] --remove-interface=interface
Remove binding of interface interface from zone it was previously added to.
Committed as https://git.fedorahosted.org/cgit/firewalld.git/commit/?id=7012a071438f0110573ef7c62ea335200e76feff
This sounds reasonable and much less confusing than it was before. Thank you.
But still, in the D-Bus interface it looks strange, because the methods are like
> removeInterface(s: zone, s: interface) → s
> removeSource(s: zone, s: source) → s
where the first argument doesn't mean anything. But this can't be simply fixed without a change in the interface.
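The behaviour reported in this thread, replayed in a small Python model that is added here for illustration and is not firewalld's code or any commenter's. The names `SourceBindings`, `ZoneConflict` and `replay_report` are hypothetical, and the conflict check on add is an assumption drawn from the report's statement that a source is unique.

```python
# Toy model of source-to-zone bindings; added example, not firewalld source.
DEFAULT_ZONE = "public"      # value of --get-default-zone in the report
SRC = "192.168.0.1"          # source address used in the report


class ZoneConflict(Exception):
    """Stands in for the ZONE_CONFLICT error shown in the report."""


class SourceBindings:
    def __init__(self):
        self._owner = {}     # source -> zone; a source belongs to one zone

    def add_source(self, zone, source):
        zone = zone or DEFAULT_ZONE
        owner = self._owner.get(source)
        if owner is not None and owner != zone:   # assumption: uniqueness
            raise ZoneConflict(f"{source} already bound to {owner}")
        self._owner[source] = zone
        return zone

    def remove_source(self, zone, source, empty_means_default=False):
        owner = self._owner.get(source)
        if owner is None:
            raise KeyError(source)                # model's own error
        if zone == "":
            # Observed: empty zone resolves to the owning zone.
            # Documented: empty zone resolves to the default zone.
            zone = DEFAULT_ZONE if empty_means_default else owner
        if zone != owner:
            raise ZoneConflict(f"{source} is bound to {owner}, not {zone}")
        del self._owner[source]
        return zone


def replay_report():
    """Run the report's commands under both readings of an empty zone."""
    results = {}
    b = SourceBindings()
    b.add_source("home", SRC)
    results["empty_zone_observed"] = b.remove_source("", SRC)
    b.add_source("home", SRC)
    for label, zone, documented in (("explicit_public", "public", False),
                                    ("empty_zone_as_documented", "", True)):
        try:
            results[label] = b.remove_source(zone, SRC, documented)
        except ZoneConflict:
            results[label] = "ZONE_CONFLICT"
    return results
```

Under the documented reading, an empty zone gives the same ZONE_CONFLICT as `--zone="public"`; under the observed behaviour the zone argument has no effect on which binding is removed.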
firewalld-0.3.11-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/firewalld-0.3.11-1.fc20
Package firewalld-0.3.11-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing firewalld-0.3.11-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-9609/firewalld-0.3.11-1.fc20
then log in and leave karma (feedback).
Package firewalld-0.3.11-2.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing firewalld-0.3.11-2.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-9609/firewalld-0.3.11-2.fc20
then log in and leave karma (feedback).
Package firewalld-0.3.11-3.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing firewalld-0.3.11-3.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-9609/firewalld-0.3.11-3.fc20
then log in and leave karma (feedback).
firewalld-0.3.11-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.