While I was messing around, connections started to be refused unless they matched the service, IP, or port set in the drop zone.
# firewall-cmd --get-active-zones
drop
  sources: xx.xx.xx.xx/xx
public
  interfaces: ethx
What's more, when public is the default zone, --add-source=yy.yy.yy.yy/yy adds the source to both drop and public, and removing it removes it from both.
When I looked through man firewalld for a way to return to the initial state, I found something that looked good.
firewall-cmd --permanent --load-zone-defaults=drop
When I did this, drop was no longer active and the settings were cleared.
Finally restored ... It worked as expected.