Firewalld: Removing Rich-rules Based On Its Own List Fails


Hi,

I have some Ansible roles which each create some firewalld rich rules. For Ansible idempotency I tried to remove any DNS-related rich rules before creating the ones in the playbook. After some searching I came up with this:

    #!/bin/bash
    OLDIFS=$IFS
    IFS="
    "
    while read -r line; do
        firewall-cmd --zone=public --permanent --remove-rich-rule=\'$line\'
    done <<< $(firewall-cmd --zone=public --list-rich-rules | egrep 'dns|53')
    IFS=$OLDIFS

But this fails with, for example:

    Error: INVALID_RULE: internal error in _lexer(): rule family="ipv4" source NOT address="46.23.XX.0/24" forward-port port="53" protocol="udp" to-port="60053" to-addr="46.23.XX.53"

My googling & variations came up empty. Anyone know why this is failing and could possibly share how to make this work?

Thanks!

Best, Patrick
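Editor's note, with an added example that is not code from the original post or from firewalld. The error message gives the cause away: firewalld tokenizes a rich rule with shell-style quoting rules and then requires every token that contains "=" to be a single name=value pair, and the message prints the offending token. Here that token is the entire rule, which is what happens when the rule text arrives wrapped in literal single quotes. That is exactly what the unquoted \'$line\' in the loop produces: the backslash-escaped quotes become part of the argument instead of protecting the expansion, so firewall-cmd receives --remove-rich-rule='rule family="ipv4" ...' with the quotes included. Quoting the expansion as "$line" and adding nothing else fixes it. The script below reproduces both behaviours offline using a stand-in for firewall-cmd (the assumed helper fake_firewall_cmd, fed constructed sample rules on documentation address ranges); the stand-in models only the tokenizing and the name=value check, nothing else of firewalld. It also corrects a second mismatch in the original loop: rules were listed from the runtime configuration but removed from the permanent one, and those two sets need not be identical.

```shell
#!/bin/bash
# Added example, not code from the original post. Reproduces the failure
# offline and shows the fix. The real firewall-cmd is replaced by the
# stand-in fake_firewall_cmd, which models only two things: firewalld
# splits the rule string with shell-style quoting rules and rejects any
# token that is not exactly one name=value pair.

# Constructed sample of `firewall-cmd --permanent --zone=public --list-rich-rules`
# output (documentation address ranges, not real hosts).
SAMPLE_RULES='rule family="ipv4" source NOT address="198.51.100.0/24" forward-port port="53" protocol="udp" to-port="60053" to-addr="198.51.100.53"
rule family="ipv4" source address="203.0.113.0/24" port port="22" protocol="tcp" accept
rule family="ipv4" source NOT address="198.51.100.0/24" forward-port port="53" protocol="tcp" to-port="60053" to-addr="198.51.100.53"'

# Stand-in for firewalld's rich-rule lexer: split on spaces while honouring
# single and double quotes, then apply the name=value sanity check. On failure
# it prints the message the original post hit (with the offending token) and
# returns 1.
lex_rule() {
    local rule=$1 tok='' quote='' ch i
    local -a tokens=()
    for ((i = 0; i < ${#rule}; i++)); do
        ch=${rule:i:1}
        if [[ -n $quote ]]; then
            if [[ $ch == "$quote" ]]; then quote=''; else tok+=$ch; fi
        elif [[ $ch == "'" || $ch == '"' ]]; then
            quote=$ch
        elif [[ $ch == ' ' ]]; then
            if [[ -n $tok ]]; then tokens+=("$tok"); fi
            tok=''
        else
            tok+=$ch
        fi
    done
    if [[ -n $tok ]]; then tokens+=("$tok"); fi
    local t name value
    for t in "${tokens[@]}"; do
        [[ $t == *=* ]] || continue
        name=${t%%=*}
        value=${t#*=}
        if [[ -z $name || -z $value || $value == *=* ]]; then
            echo "Error: INVALID_RULE: internal error in _lexer(): $t" >&2
            return 1
        fi
    done
    return 0
}

# Stand-in for firewall-cmd (assumed helper): answers --list-rich-rules from
# the sample and hands the text after --remove-rich-rule= to lex_rule.
fake_firewall_cmd() {
    local arg
    for arg in "$@"; do
        case $arg in
            --zone=*|--permanent) ;;
            --list-rich-rules) printf '%s\n' "$SAMPLE_RULES" ;;
            --remove-rich-rule=*) lex_rule "${arg#--remove-rich-rule=}" || return 1 ;;
            *) echo "unexpected argument: $arg" >&2; return 2 ;;
        esac
    done
    return 0
}

# The argument the original loop builds: unquoted \'$1\' puts literal single
# quotes INTO the argument, so the whole rule reaches the lexer as one token.
buggy_arg() {
    local IFS=$'\n'   # the original script's newline-only IFS
    printf '%s' --remove-rich-rule=\'$1\'
}

# The fix: quote the expansion and add nothing. The rule's own double quotes
# are data and must reach firewalld untouched.
fixed_arg() {
    printf '%s' "--remove-rich-rule=$1"
}

# Corrected loop: list and remove from the same (permanent) configuration,
# quote "$line", and match the DNS port exactly rather than any "53".
purge_dns_rules() {
    local line
    while IFS= read -r line; do
        if fake_firewall_cmd --zone=public --permanent "--remove-rich-rule=$line"; then
            printf 'removed: %s\n' "$line"
        else
            printf 'failed:  %s\n' "$line"
        fi
    done < <(fake_firewall_cmd --zone=public --permanent --list-rich-rules \
             | grep -E 'dns|port="53"')
}

# Demonstration when run directly.
first_rule=${SAMPLE_RULES%%$'\n'*}
fake_firewall_cmd --zone=public --permanent "$(buggy_arg "$first_rule")" \
    || echo "(that is the failure from the post)"
fake_firewall_cmd --zone=public --permanent "$(fixed_arg "$first_rule")" \
    && echo "quoted form accepted"
purge_dns_rules
```

Run it with bash; it prints the lexer error for the buggy form, then the two rules the corrected loop removes. Keep the grep pattern as tight as the rule text allows: 'dns|53' also matches any address or port that merely contains 53, such as to-port="60053" in the original rule, which is why port="53" is matched here. If these rules are managed from Ansible anyway, the firewalld module's rich_rule parameter with state: enabled or disabled is itself idempotent per rule, which removes the need for a pre-cleanup loop.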

2 thoughts on - Firewalld: Removing Rich-rules Based On Its Own List Fails

  • Hi Kenneth,

    Thanks for the pointer. I’ll follow up with the firewalld ML and if anything surfaces will let you know.

    Best, Patrick