firewalld does not normalize the address of ipset entries given in CIDR notation.

Solution Verified

Issue

  • An entry is added to an ipset with firewall-cmd --add-entry=10.0.1.0/22, but 10.0.1.0/22 is not normalized to 10.0.0.0/22.
  • The entry should be normalized in CIDR notation.
# firewall-cmd --permanent --info-ipset=test
test
  type: hash:net
  options:
  entries: 10.0.1.0/22   <<<--- 
  • The ipset command normalizes the address correctly.
# ipset l
Name: test
...
Number of entries: 1
Members:
10.0.0.0/22   <<<---
  • Why doesn't firewall-cmd normalize it? And how does the rule work: as 10.0.0.0/22 or as 10.0.1.0/32?

Environment

  • Red Hat Enterprise Linux 8
  • firewalld-0.8.2-7.el8_4.noarch and earlier versions
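
An added example, not part of the original article or of firewalld's code: a Python check that reads a permanent ipset definition and reports entries such as 10.0.1.0/22 whose text has host bits set, next to the network the ipset command would list. The XML sample is constructed and assumes the firewalld.ipset(5) file layout; the helper name audit_ipset_entries is hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the firewalld.ipset(5) XML layout (not from the article).
SAMPLE_IPSET_XML = """<ipset type="hash:net">
  <entry>10.0.1.0/22</entry>
  <entry>192.168.10.0/24</entry>
  <entry>172.16.5.9</entry>
  <entry>not-an-address</entry>
</ipset>
"""

ADDRESS_SET_TYPES = {"hash:net", "hash:ip"}  # types whose entries are bare addresses/prefixes


def audit_ipset_entries(xml_text):
    """Return findings for entries whose stored text is not the network address.

    Hypothetical helper for this example. Each finding is a dict with the entry
    as stored, the normalized network (None if unparsable) and the number of
    addresses that network covers.
    """
    root = ET.fromstring(xml_text)
    if root.get("type") not in ADDRESS_SET_TYPES:
        return []  # e.g. hash:mac or hash:ip,port entries are not bare prefixes
    findings = []
    for elem in root.iter("entry"):
        raw = (elem.text or "").strip()
        try:
            iface = ipaddress.ip_interface(raw)  # keeps host bits, unlike ip_network
        except ValueError:
            findings.append({"entry": raw, "normalized": None, "addresses": 0})
            continue
        net = iface.network
        if iface.ip != net.network_address:  # host bits set below the prefix
            findings.append({"entry": raw, "normalized": str(net),
                             "addresses": net.num_addresses})
    return findings


if __name__ == "__main__":
    for f in audit_ipset_entries(SAMPLE_IPSET_XML):
        if f["normalized"] is None:
            print(f"{f['entry']}: not parsable as an address or prefix")
        else:
            print(f"{f['entry']}: host bits set; network is {f['normalized']} "
                  f"({f['addresses']} addresses)")
```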
