firewalld direct rules with ACCEPT not working on RHEL 8, 9
Issue
- Direct rules with ACCEPT verdict not working with nftables backend
- Even though httpd.service and firewalld.service are running, allowing port 80 through a direct rule does not provide access to the webserver:

    systemctl start httpd.service
    systemctl start firewalld.service
    firewall-cmd --direct --add-rule ipv4 filter INPUT 1 -p tcp --dport 80 -j ACCEPT

- The client can't access the port and gets a "No route to host" error.
- After changing FirewallBackend=nftables to FirewallBackend=iptables in /etc/firewalld/firewalld.conf, the direct rule works.
- Connectivity not working between servers when firewalld is started on RHEL 8
- The firewalld direct.xml from RHEL 7 no longer works on RHEL 8
- How do direct rules work with firewalld when firewalld uses nftables?
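The following diagnostic is an added example for the symptom reported above; it is not part of the Red Hat article. It reads `nft list ruleset` text and shows two things a practitioner wants to see on the affected host: the base chains registered on the netfilter input hook in evaluation order, and which of those chains actually holds the rule for the port being debugged. With FirewallBackend=nftables, firewalld still writes direct rules through iptables-nft, so the rule lands in table "ip filter", chain "INPUT" (priority 0), while firewalld's own rules live in table "inet firewalld", chain "filter_INPUT" (priority 10). An accept verdict in the first chain only ends that chain; the packet is then evaluated by filter_INPUT, whose final reject is what the client reports as "No route to host". The function names are mine, the embedded ruleset is constructed and trimmed (a real host has more zone chains), and port_rules only matches single-port "tcp dport N" rules, not port sets.

```shell
#!/bin/sh
# Added example, not from the Red Hat article: list input-hook base chains in
# evaluation order and locate rules for a TCP port in `nft list ruleset` output.

# Constructed, trimmed ruleset resembling a RHEL 8 host after running the
# firewall-cmd --direct command from the Issue section. Used when nft is absent.
sample_ruleset() {
    cat <<'EOF'
table ip filter {
    chain INPUT {
        type filter hook input priority filter; policy accept;
        meta l4proto tcp tcp dport 80 counter packets 0 bytes 0 accept
    }
}
table inet firewalld {
    chain filter_INPUT {
        type filter hook input priority filter + 10; policy accept;
        ct state { established, related } accept
        iifname "lo" accept
        jump filter_INPUT_ZONES
        ct state invalid drop
        reject with icmpx type admin-prohibited
    }
    chain filter_INPUT_ZONES {
        goto filter_IN_public
    }
    chain filter_IN_public {
        jump filter_IN_public_allow
        meta l4proto { icmp, ipv6-icmp } accept
    }
    chain filter_IN_public_allow {
        tcp dport 22 ct state { new, untracked } accept
    }
}
EOF
}

# Print "<priority> <family> <table> <chain>" for every base chain on the input
# hook, lowest priority (evaluated first) at the top. nft prints priorities
# symbolically ("filter + 10"), so the named hook priorities are resolved here.
input_hook_order() {
    awk '
        BEGIN {
            named["raw"] = -300; named["mangle"] = -150; named["dstnat"] = -100
            named["filter"] = 0; named["security"] = 50; named["srcnat"] = 100
        }
        /^table / { family = $2; table = $3 }
        /^[[:space:]]*chain / { chain = $2 }
        /hook input/ {
            prio = $0
            sub(/.*priority[[:space:]]+/, "", prio)
            sub(/[[:space:]]*;.*/, "", prio)
            for (name in named) gsub(name, named[name], prio)
            n = split(prio, parts, /[[:space:]]*[+][[:space:]]*/)
            sum = 0
            for (i = 1; i <= n; i++) sum += parts[i]
            printf "%d %s %s %s\n", sum, family, table, chain
        }
    ' | sort -n
}

# Print "<family> <table> <chain>: <rule>" for each rule matching the single
# TCP destination port given as $1, showing which table the rule landed in.
port_rules() {
    awk -v port="$1" '
        /^table / { family = $2; table = $3 }
        /^[[:space:]]*chain / { chain = $2 }
        $0 ~ ("tcp dport " port "([^0-9]|$)") {
            rule = $0
            sub(/^[[:space:]]+/, "", rule)
            printf "%s %s %s: %s\n", family, table, chain, rule
        }
    '
}

# Use the live ruleset when nft is available and we are root; otherwise fall
# back to the constructed sample so the script runs anywhere.
ruleset() {
    if command -v nft >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        nft list ruleset
    else
        sample_ruleset
    fi
}

echo "base chains on the input hook, in evaluation order:"
ruleset | input_hook_order
echo
echo "rules matching tcp dport 80:"
ruleset | port_rules 80
```

On a host showing the symptom, the port 80 rule appears only under "ip filter INPUT", the chain listed first, and "inet firewalld filter_INPUT" is listed after it; nothing in the iptables chain stops the later chain from rejecting the connection. Switching FirewallBackend to iptables removes the inet firewalld table, which is why the same direct rule then works.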
Environment
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- firewalld (with the default nftables backend)
- Direct firewall rule with -j ACCEPT to allow traffic