Can't remove interface from zone with NetworkManager enabled. - Firewalld / Centos8

linux centos firewalld

5,212

Run into this several times before, nmcli does not want to let you remove an interface from a zone. What it will allow is for you to move it -

nmcli con mod blah connection.zone internal

which at least gets it out of the zone you want to leave.

Then you can either turn down the interface with nmcli or go right to

/etc/sysconfig/network-scripts/ifcfg-emx

and toggle

ONBOOT=no

and completely remove the line

ZONE=whatev

then its -

systemctl restart network

and voila, its gone from the firewall and nmcli doesn't care what happened.

This is for old guys used to the good old days of CentOS 4 & 5.. I'm thinking there is probably a way to do it all in nmcli but I haven't figured it out yet, maybe some other learned individual could advise.

5,212

JohnyFailLab

Updated on September 18, 2022

Comments

JohnyFailLab over 1 year
My issue is when I'm trying to remove interface from public (default) zone I get error:

firewall-cmd --zone=public --remove-interface=eth0 --permanent
```
The interface is under control of NetworkManager and already bound to the default zone.

The interface is under control of NetworkManager, setting zone to default.

success
```
Public zone configuration:
```
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources: 
services: 
ports: 
protocols: 
masquerade: no
forward-ports: 
source-ports: 
icmp-blocks: 
rich rules: `
```
When I am stopping the NetworkManager it allows me to remove it. However when I start NetworkManager back again and restart firewalld the interface eth0 is back in public zone.
- Admin about 4 years
  
  In theory you fix this by nmcli connection modify eth0 connection.zone work (or whatever zone to put it in)
- Admin over 3 years
  
  same problem here, nmcli command of @aredridel sadly didn't work...
- Admin over 3 years
  
  Just in case: something like firewall-cmd --change-interface=lxcbr0 --zone=lxc --permanent it worked for me.