
List:       firewalld-users
Subject:    firewalld: removing rich-rules based on its own list fails
From:       patrickl () fedoraproject ! org
Date:       2021-12-22 22:40:32
Message-ID: d8201efc-d41f-708a-4ce0-c6fc4c6323be () laimbock ! com

Hi,

I asked this earlier on the CentOS ML and got the pointer to ask here.
Firewalld-0.9.3-7 on EL8.5

I have some ansible roles which each create some firewalld rich-rules. 
For ansible idempotency I tried to remove any dns related rich-rules 
before creating new ones in the dns playbook. After some searching I 
came up with this:

#!/bin/bash
OLDIFS=$IFS
IFS=''
while read -r line; do firewall-cmd --zone=public --permanent --remove-rich-rule=\'$line\'; done <<< $(firewall-cmd --zone=public --list-rich-rules | egrep 'dns|53')
IFS=$OLDIFS

But this fails with for example:

Error: INVALID_RULE: internal error in _lexer(): rule family="ipv4" source NOT address="46.23.XX.0/24" forward-port port="53" protocol="udp" to-port="60053" to-addr="46.23.XX.53"

Using the line from the error prepended with firewall-cmd --zone=public 
--permanent --remove-rich-rule= works fine. My googling & variations 
came up empty. Anyone know why this is failing and could possibly share 
how to make this work?

Thanks!

Best,
Patrick
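As an added example that is not part of Patrick's post: a version of the loop that lists the permanent rich rules (the set the removal applies to) and expands the rule text inside double quotes, so firewall-cmd receives exactly the string it listed rather than the literal apostrophes that \'$line\' produces. SAMPLE_RULES, dry_run_fw and the documentation addresses are constructed stand-ins so it runs offline.

```shell
#!/bin/bash
# Added example, not from the original post: remove permanent firewalld
# rich rules whose text matches a pattern, passing each rule to
# firewall-cmd as one argument with no literal quote characters.

# Constructed sample of `firewall-cmd --zone=public --permanent
# --list-rich-rules` output (documentation addresses, one rule per line).
SAMPLE_RULES='rule family="ipv4" source NOT address="192.0.2.0/24" forward-port port="53" protocol="udp" to-port="60053" to-addr="192.0.2.53"
rule family="ipv4" source address="198.51.100.0/24" port port="22" protocol="tcp" accept
rule family="ipv4" service name="dns" accept'

# Hypothetical stand-in for firewall-cmd, for offline use only: answers
# --list-rich-rules with SAMPLE_RULES and prints removals instead of
# performing them. Omit the third argument of remove_rules to use the real tool.
dry_run_fw() {
  for arg in "$@"; do
    case $arg in
      --list-rich-rules) printf '%s\n' "$SAMPLE_RULES" ;;
      --remove-rich-rule=*) printf 'REMOVE:%s\n' "${arg#--remove-rich-rule=}" ;;
    esac
  done
}

# remove_rules ZONE PATTERN [CMD]: list the permanent rich rules of ZONE
# (removal acts on the permanent config, so list that, not the runtime set),
# keep those matching the extended regex PATTERN, and remove each one.
# "$rule" hands firewall-cmd the listed text unchanged; wrapping it in
# \'...\' would add literal apostrophes that the rich-rule lexer rejects.
remove_rules() {
  zone=$1; pattern=$2; cmd=${3:-firewall-cmd}
  "$cmd" --zone="$zone" --permanent --list-rich-rules |
    grep -E -- "$pattern" |
    while IFS= read -r rule; do
      "$cmd" --zone="$zone" --permanent --remove-rich-rule="$rule"
    done
}

# Dry run over the sample: prints the two dns/port-53 rules that would go.
remove_rules public 'dns|53' dry_run_fw
```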
_______________________________________________
firewalld-users mailing list -- firewalld-users@lists.fedorahosted.org
To unsubscribe send an email to firewalld-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
