
I'm trying to remove some rich rules from firewall-cmd and it seems to work:

 firewall-cmd --remove-rich-rule 'rule family="ipv4"   source address="10.4.220.143/32"   port protocol="tcp" port="13782" accept'

success

But after I reload the rules and check again, the rules are still there:

firewall-cmd --reload

success

# firewall-cmd --list-all
    rule family="ipv4" source address="10.4.220.143/32" port port="13724" protocol="tcp" accept

What am I doing wrong?

bluethundr

2 Answers


I think you have to add a < --permanent > statement to make your change permanent after reloading your firewall config.

firewall-cmd --permanent --remove-rich-rule 'rule family="ipv4" source address="10.4.220.143/32" port protocol="tcp" port="13782" accept'
John117

I created a Firewalld rich rule using the command below to block only a specific port, tcp 443:

# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 port port="443" protocol="tcp" reject'

# firewall-cmd --reload

Listing Rich Rules:

# firewall-cmd --list-rich-rules
rule family="ipv4" port port="443" protocol="tcp" reject
 # firewall-cmd  --zone=public --list-all
success
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3
  sources:
  services: dhcpv6-client ssh
  ports: 22/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" port port="443" protocol="tcp" reject

Using the command below, I removed the Firewalld rich rule:

 # firewall-cmd --remove-rich-rule 'rule family="ipv4" port protocol="tcp" port="443" reject'

Remove the Firewalld rich rule this way if it was created with the --permanent option:

 # firewall-cmd --permanent --remove-rich-rule 'rule family="ipv4" port protocol="tcp" port="443" reject'
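
An added example, not part of either answer above: a shell check that compares the runtime and permanent rich-rule listings and reports any rule that would disappear or come back on firewall-cmd --reload. The helper name rich_rule_drift and the sample listings are constructed for illustration; the sample models the question's rule after it was removed from the runtime configuration only.

```shell
#!/bin/sh
# Added example: compare firewalld's runtime and permanent rich rules.
# rich_rule_drift is a hypothetical helper name, not part of firewalld.
#   $1 = output of: firewall-cmd --list-rich-rules
#   $2 = output of: firewall-cmd --permanent --list-rich-rules
rich_rule_drift() {
    drift_rt=$(mktemp) || return 2
    drift_pm=$(mktemp) || { rm -f "$drift_rt"; return 2; }
    # Trim indentation, drop blank lines, and sort so comm(1) can compare.
    printf '%s\n' "$1" | sed 's/^[[:space:]]*//; /^$/d' | LC_ALL=C sort -u > "$drift_rt"
    printf '%s\n' "$2" | sed 's/^[[:space:]]*//; /^$/d' | LC_ALL=C sort -u > "$drift_pm"
    # Present only in runtime: the rule disappears at the next --reload.
    LC_ALL=C comm -23 "$drift_rt" "$drift_pm" |
        sed 's/^/runtime-only (lost on reload): /'
    # Present only in permanent: the rule is loaded again at the next --reload.
    LC_ALL=C comm -13 "$drift_rt" "$drift_pm" |
        sed 's/^/permanent-only (returns on reload): /'
    rm -f "$drift_rt" "$drift_pm"
}

# Constructed sample listings (not captured from a real host): the rule was
# removed without --permanent, so it is gone from runtime but still on disk.
SAMPLE_RUNTIME=''
SAMPLE_PERMANENT='rule family="ipv4" source address="10.4.220.143/32" port port="13782" protocol="tcp" accept'

rich_rule_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"

# On a live host (default zone), feed it the real listings:
#   rich_rule_drift "$(firewall-cmd --list-rich-rules)" \
#                   "$(firewall-cmd --permanent --list-rich-rules)"
```

No output means the two configurations agree, so a reload will not change which rich rules are active.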