[prev in list] [next in list] [prev in thread] [next in thread]
List: firewalld-users
Subject: firewalld: removing rich-rules based on its own list fails
From: patrickl () fedoraproject ! org
Date: 2021-12-22 22:40:32
Message-ID: d8201efc-d41f-708a-4ce0-c6fc4c6323be () laimbock ! com
[Download RAW message or body]
Hi,
I asked this earlier on the CentOS ML and got the pointer to ask here.
Firewalld-0.9.3-7 on EL8.5
I have some ansible roles which each create some firewalld rich-rules.
For ansible idempotency I tried to remove any dns related rich-rules
before creating new ones in the dns playbook. After some searching I
came up with this:
#!/bin/bash
OLDIFS=$IFS
IFS=''
while read -r line; do firewall-cmd --zone=public --permanent
--remove-rich-rule=\'$line\'; done <<< $(firewall-cmd --zone=public
--list-rich-rules | egrep 'dns|53')
IFS=$OLDIFS
But this fails with for example:
Error: INVALID_RULE: internal error in _lexer(): rule family="ipv4"
source NOT address="46.23.XX.0/24" forward-port port="53" protocol="udp"
to-port="60053" to-addr="46.23.XX.53"
Using the line from the error prepended with firewall-cmd --zone=public
--permanent --remove-rich-rule= works fine. My googling & variations
came up empty. Anyone know why this is failing and could possibly share
how to make this work?
Thanks!
Best,
Patrick
_______________________________________________
firewalld-users mailing list -- firewalld-users@lists.fedorahosted.org
To unsubscribe send an email to firewalld-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic