Zsiraf
October 2, 2022, 4:28pm
1
Hello,
I added this rule:
firewall-cmd --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
after
firewall-cmd --runtime-to-permanent
It works fine, until firewalld restart. Then I must add the rule again.
How can I add the rule permanent?
Thanks
Did you try to read the manual page?
If you want to make a change in runtime and permanent
configuration, use the same call with and without the --permanent
option.
Zsiraf
October 3, 2022, 7:03am
3
Yes, I did and tried to follow that.
firewall-cmd --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE --permanent
Error: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE --permanent' failed: iptables v1.8.7 (legacy): unknown option "--permanent"
Zsiraf:
Yes, I did and tried to follow that.
firewall-cmd --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE --permanent
Error: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE --permanent' failed: iptables v1.8.7 (legacy): unknown option "--permanent"
Do this…
sudo firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Or one can simply execute “firewall-cmd --runtime-to-permanent” again to save the complete current configuration, including newly added rules, as permanent configuration.
Zsiraf
October 3, 2022, 2:17pm
6
It works! I have no idea why I didn’t try this method.
Thank You so much!
Zsiraf
October 3, 2022, 2:21pm
7
Unfortunately it didn’t work. The rules lost after firewalld restart.
Thanks for the help.
Works as designed. As was pointed out to me, firewalld does not track rules added with the --passthrough option, and it is even documented:
--direct --passthrough { ipv4 | ipv6 | eb } args
Pass a command through to the firewall. args can be all iptables, ip6tables and ebtables command line arguments. **This command is untracked**, which means that firewalld is not able to provide information about this command later on, also not a listing of the untracked passthroughs.
To add rules to firewalld configuration that can be saved and restored one should use --add-passthrough, not --passthrough.
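The tracked variant in practice, as an added example that is not code from the thread or from the firewalld project: it adds the thread's MASQUERADE rule with --add-passthrough to both runtime and permanent configuration, then checks that firewalld lists it in both, that it is still there after --reload, and that the kernel's nat table actually carries it. It assumes firewall-cmd and iptables are on PATH, that it runs as root, and the thread's values (10.8.0.0/24 leaving via eth0); the function and variable names are my own. Nothing touches the firewall unless FW_APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the thread): persist the MASQUERADE rule with
# firewalld's *tracked* direct interface and verify it survives a reload.
# Assumptions: firewall-cmd and iptables on PATH, run as root, subnet
# 10.8.0.0/24 leaving via eth0 (the values from the thread).

SUBNET="${SUBNET:-10.8.0.0/24}"
OUT_IF="${OUT_IF:-eth0}"

# The argument string handed to iptables. There is no --permanent in here:
# that flag belongs to firewall-cmd, which is why appending it to the
# passthrough made iptables reject it as an unknown option in the thread.
passthrough_args() {
    printf '%s' "-t nat -A POSTROUTING -s $1 -o $2 -j MASQUERADE"
}

# --add-passthrough (unlike --passthrough) is tracked, so firewalld can list,
# save and re-apply it on restart. As the man page says, make the same call
# with and without --permanent to change runtime and permanent configuration.
add_masquerade() {
    args=$(passthrough_args "$1" "$2")
    # shellcheck disable=SC2086  # $args must be word-split into separate arguments
    firewall-cmd --direct --add-passthrough ipv4 $args &&
        firewall-cmd --permanent --direct --add-passthrough ipv4 $args
}

# Return 0 if a passthrough listing (one rule per line, as printed by
# `firewall-cmd --direct --get-all-passthroughs`) contains the rule.
has_masquerade() {
    printf '%s\n' "$1" | grep -Fq -- "-s $2 -o $3 -j MASQUERADE"
}

# Verify the rule in runtime, in permanent config, and again after --reload
# (which replaces runtime with permanent, so an untracked rule would vanish),
# then confirm the kernel has it: iptables -S prints the live nat rules.
verify_masquerade() {
    has_masquerade "$(firewall-cmd --direct --get-all-passthroughs)" "$1" "$2" \
        || { echo "rule missing from runtime configuration" >&2; return 1; }
    has_masquerade "$(firewall-cmd --permanent --direct --get-all-passthroughs)" "$1" "$2" \
        || { echo "rule missing from permanent configuration" >&2; return 1; }
    firewall-cmd --reload >/dev/null
    has_masquerade "$(firewall-cmd --direct --get-all-passthroughs)" "$1" "$2" \
        || { echo "rule did not survive --reload" >&2; return 1; }
    iptables -t nat -S POSTROUTING | grep -Fq -- "-s $1 -o $2 -j MASQUERADE" \
        || { echo "rule not present in the kernel nat table" >&2; return 1; }
    echo "masquerade for $1 via $2 is active and persistent"
}

if [ "${FW_APPLY:-0}" = 1 ]; then
    add_masquerade "$SUBNET" "$OUT_IF" && verify_masquerade "$SUBNET" "$OUT_IF"
fi
```

Run it as root with `FW_APPLY=1 sh persist-masquerade.sh`. Note why `--runtime-to-permanent` could not help in the thread: an untracked `--passthrough` is executed and forgotten, so it is not part of the runtime configuration that firewalld copies. If the direct interface is not required, the same effect is available without iptables syntax at all through a tracked rich rule, `firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=10.8.0.0/24 masquerade'` followed by `--reload`, which firewalld also lists and restores.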
Zsiraf
October 5, 2022, 4:57am
9
arvidjaar:
Works as designed. As was pointed out to me, firewalld does not track rules added with the --passthrough option, and it is even documented:
--direct --passthrough { ipv4 | ipv6 | eb } args
Pass a command through to the firewall. args can be all iptables, ip6tables and ebtables command line arguments. **This command is untracked**, which means that firewalld is not able to provide information about this command later on, also not a listing of the untracked passthroughs.
To add rules to firewalld configuration that can be saved and restored one should use --add-passthrough, not --passthrough.
I missed this section in the manual somehow.
I’ve learned something new again today.
Thanks a lot.