Attach Interface to Specific Firewall Zone in RHEL 8


One of the first things I had to do on my recently built RHEL 8 PC was to move the primary network interface from the public (default) zone to the home zone, to make sure any firewall ports I open stay private enough.



How To List Which Zones and Interfaces are Active

Using the --get-active-zones option of the firewall-cmd command, it's possible to confirm which zone the eno1 interface is in at the moment. It's already in the home zone because I made the update earlier:

root@redhat:~ # firewall-cmd --get-active-zones
home
  interfaces: eno1
libvirt
  interfaces: virbr0

Attach Interface to a Firewall Zone

Here's how to move a specified interface into the zone we want:

root@redhat:~ # firewall-cmd --zone=home --change-interface=eno1
success

Just to show how it works, I'm going to move eno1 into the public zone and back to the home one:

root@redhat:~ # firewall-cmd --zone=public --change-interface=eno1
success
root@redhat:~ # firewall-cmd --get-active-zones
libvirt
  interfaces: virbr0
public
  interfaces: eno1

Making Sure Firewall Changes Are Permanent

Don't forget that after confirming a working firewall configuration, you need to re-run the same command with the --permanent option. This updates the necessary files so that your firewall changes survive a reboot:

root@redhat:~ # firewall-cmd --zone=home --change-interface=eno1 --permanent
The interface is under control of NetworkManager, setting zone to 'home'.
success
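
A runtime change made without --permanent is lost on reload or reboot, which can silently put the interface back in the default zone. The script below is an added example, not from the original post: it compares the runtime and permanent zone of an interface against the zone you expect. The function names and the sample text are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: detect drift between runtime and permanent zone bindings.

# zone_of_iface IFACE: read `firewall-cmd --get-active-zones` text on stdin
# and print the zone that lists IFACE (prints nothing if no zone lists it).
zone_of_iface() {
    awk -v ifc="$1" '
        /^[^ \t]/ { zone = $1; next }        # unindented line is a zone name
        $1 == "interfaces:" {                # indented line lists zone members
            for (i = 2; i <= NF; i++) if ($i == ifc) { print zone; exit }
        }'
}

# compare_zones RUNTIME PERMANENT EXPECTED: print a verdict and return 0 only
# when both the runtime and the permanent binding match the expected zone.
compare_zones() {
    if [ "$1" != "$3" ]; then
        echo "RUNTIME_MISMATCH"; return 1
    elif [ "$2" != "$3" ]; then
        echo "NOT_PERSISTENT"; return 2
    fi
    echo "OK"
}

# check_iface IFACE EXPECTED: query the live firewalld (run as root).
check_iface() {
    local runtime permanent
    runtime=$(firewall-cmd --get-active-zones | zone_of_iface "$1")
    permanent=$(firewall-cmd --permanent --get-zone-of-interface="$1" 2>/dev/null)
    compare_zones "$runtime" "$permanent" "$2"
}

# Constructed sample with the same shape as the output shown in the article.
SAMPLE_ACTIVE='libvirt
  interfaces: virbr0
public
  interfaces: eno1'

# Usage: ./zone-check.sh eno1 home   (the script file name is hypothetical)
if [ "$#" -eq 2 ]; then check_iface "$1" "$2"; fi
```

A NOT_PERSISTENT verdict means the interface is in the right zone now but will not stay there after a reboot.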

That's it for today. I'm really enjoying RHEL 8 configuration and still have the feeling I've barely scratched the surface of all the new improvements this Red Hat Enterprise Linux release brings.
