firewall-cmd --reload takes a long time because a large number of rules are loaded

Solution In Progress - Updated -

Issue

  • firewall-cmd --reload takes a long time, and the system stops connections while it runs.
# time firewall-cmd --reload
success

real 0m46.997s
user 0m0.132s
sys 0m0.018s
  • This environment has a large number of source IP address rules.
# firewall-cmd --info-zone=public
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources: 192.168.0.1 192.168.0.2 192.168.0.3 192.168.0.4 192.168.0.5 192.168.0.6 ... <<<--- huge amount of rules
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

Environment

  • Red Hat Enterprise Linux 7
  • Firewalld
