firewall-cmd --reload takes a long time when loading a huge number of rules

Solution Unverified - Updated -

Issue

  • firewall-cmd --reload takes a long time, and the system's connections stop during that time.
# time firewall-cmd --reload
success

real    0m46.997s
user    0m0.132s
sys     0m0.018s
  • The environment has rules for a huge number of source IP addresses.
# firewall-cmd --info-zone=public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 192.168.0.1 192.168.0.2 192.168.0.3 192.168.0.4 192.168.0.5 192.168.0.6 ...   <<<--- huge amount of rules
  services: dhcpv6-client ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

Environment

  • Red Hat Enterprise Linux 7
  • Firewalld
