firewalld rich rules with "reject" result in allowed traffic being dropped
Issue
- Whenever I add the following rich rule to my configuration
  rule family="ipv4" source address="0.0.0.0/0" reject
  all connections to my server are rejected, even the ones I have already opened/allowed. The rule order doesn't matter and the zone doesn't matter.
- Example rules:
public (active)
...
rich rules:
rule family="ipv4" source address="0.0.0.0/0" service name="ssh" accept
rule family="ipv4" source address="0.0.0.0/0" reject
- As soon as I add that final reject rule to any configuration, all connections to the server are rejected/blocked. I even reordered them, so rule order and zone don't seem to make a difference.
- In the above example, shouldn't the firewall see the accept for SSH and then stop processing and never get to the reject after that?
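As an added illustration that is not part of the Red Hat article, the script below takes the two rich rules quoted in the issue and prints them in the order firewalld as shipped with RHEL 7 actually evaluates them: a zone's log rules first, then its deny rules (drop/reject), then its allow rules (accept), independent of the order they are listed in. The rule strings are copied from the issue; the function names are my own.

```shell
#!/bin/sh
# Added illustration, not firewalld code. firewalld builds per-zone chains
# IN_<zone>_log, IN_<zone>_deny and IN_<zone>_allow and visits them in that
# order, so a rich rule's position in "firewall-cmd --list-rich-rules" is not
# its evaluation position: every reject/drop rule is checked before any accept.

# Rich rules exactly as quoted in the issue above (constructed sample input).
RICH_RULES='rule family="ipv4" source address="0.0.0.0/0" service name="ssh" accept
rule family="ipv4" source address="0.0.0.0/0" reject'

# effective_order: print the rules in the order firewalld evaluates them.
# A rule carrying both "log" and an action is emitted twice, once per chain,
# which mirrors how firewalld splits it across the log and action chains.
effective_order() {
    printf '%s\n' "$1" | grep -E ' (log|audit)( |$)' || true   # IN_<zone>_log
    printf '%s\n' "$1" | grep -E ' (drop|reject)( |$)' || true # IN_<zone>_deny
    printf '%s\n' "$1" | grep -E ' accept( |$)' || true        # IN_<zone>_allow
}

# first_match: the rule an arbitrary IPv4 packet hits first. With the rules
# above this is the reject, which is why SSH is refused as well.
first_match() {
    effective_order "$1" | head -n 1
}

# catchall_deny_count: number of deny rules whose source covers every IPv4
# address. Any value above 0 means nothing in the zone's allow chain (rich
# accept rules or services opened with --add-service) can ever match.
catchall_deny_count() {
    printf '%s\n' "$1" | grep -E ' (drop|reject)( |$)' \
        | grep -c 'source address="0.0.0.0/0"' || true
}

effective_order "$RICH_RULES"
echo "first match: $(first_match "$RICH_RULES")"
echo "catch-all deny rules: $(catchall_deny_count "$RICH_RULES")"
```

Feed the output of `firewall-cmd --zone=public --list-rich-rules` into the same functions to spot a catch-all reject before it locks you out.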
Environment
- Red Hat Enterprise Linux 7
- firewalld firewall
- firewalld rich rule language with a "reject" rule