Bug 1577657 - Zone directive in ifcfg files ignored after upgrade to 7.5 [NEEDINFO]
Summary: Zone directive in ifcfg files ignored after upgrade to 7.5
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: firewalld
Version: 7.5
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Eric Garver
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-05-13 19:18 UTC by Per Hjartoy
Modified: 2019-04-08 12:29 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-04-08 12:29:52 UTC
Target Upstream Version:
egarver: needinfo? (per)


Attachments (Terms of Use)

Description Per Hjartoy 2018-05-13 19:18:51 UTC
Description of problem:

On systems with no NetworkManager installed, an upgrade from 7.4 to 7.5 leads the firewalld to ignore the "ZONE=" directive in the ifcfg-<interface> file.  Running the command firewall-cmd --get-active-zones returns nothing.

A work around is to run the command (e.g.):
firewall-cmd --permanent --change-zone=eth0 --zone=internal

This creates an entry in the <zone>.xml file and 7.4 behavior is restored.

Version-Release number of selected component (if applicable):
RHEL 7.5 releae

How reproducible:
Upgrade a working 7.4 system to 7.5 system via yum

Steps to Reproduce:
1. Deinstall NetworkManager
2. Upgrade from 7.4 to 7.5
3. Run firewall-cmd --get-active-zones and observe zero output
4. firewall-cmd --permanent --change-zone=<interface> --zone=<zone> to restore functionality

Actual results:
Only default zone attached to all interfaces

Expected results:
Interface attached to the zone file stated in the ZONE= directive

Additional info:

Comment 2 Eric Garver 2019-03-01 20:54:49 UTC
(In reply to Per Hjartoy from comment #0)
> Description of problem:
> 
> On systems with no NetworkManager installed, an upgrade from 7.4 to 7.5
> leads the firewalld to ignore the "ZONE=" directive in the ifcfg-<interface>
> file.  Running the command firewall-cmd --get-active-zones returns nothing.

firewalld has never been responsible for reading the ifcfg files for an interface. That is done by network-scripts, i.e. /etc/sysconfig/network-scripts/ifup-post and should occur at boot.

After a reboot was "firewall-cmd --get-active-zones" still yielding empty?

Comment 3 Eric Garver 2019-04-08 12:29:52 UTC
Closing due to insufficient data. Please reopen if you can provide the requested information in comment 2.


Note You need to log in before you can comment on or make changes to this bug.