Firewalld: Removing Rich-rules Based On Its Own List Fails
Hi,
I have some Ansible roles which each create some firewalld rich-rules. For Ansible idempotency I tried to remove any DNS-related rich-rules before creating the ones in the playbook. After some searching I came up with this:
#!/bin/bash
OLDIFS=$IFS
IFS="
"
while read -r line; do
    firewall-cmd --zone=public --permanent --remove-rich-rule=\'$line\'
done <<< $(firewall-cmd --zone=public --list-rich-rules | egrep 'dns|53')
IFS=$OLDIFS
But this fails with for example:
Error: INVALID_RULE: internal error in _lexer(): rule family="ipv4" source NOT address="46.23.XX.0/24" forward-port port="53" protocol="udp" to-port="60053" to-addr="46.23.XX.53"
My googling & variations came up empty. Anyone know why this is failing and could possibly share how to make this work?
Thanks!
Best, Patrick
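Added example (editor's code, not Patrick's script nor anything from the firewalld project) showing one way to make this work. The `\'$line\'` in the script above puts literal single quotes into the rule text, so firewalld's rule lexer receives the whole rule as a single quoted token containing several `=` signs and rejects it with exactly the INVALID_RULE error quoted; passing the rule as one double-quoted argument avoids that. The `FWCMD` variable is an assumed hook (it defaults to the real `firewall-cmd`) so the logic can be exercised without a live firewalld.

```shell
#!/bin/sh
# Added example, not the poster's script: drop every rich rule in a zone
# whose text matches an extended regex, feeding each rule back to
# firewall-cmd exactly as --list-rich-rules printed it. FWCMD is an
# assumed hook (defaults to the real binary) so the functions can be
# exercised without a live firewalld.
set -u
FWCMD="${FWCMD:-firewall-cmd}"

# Print the rich rules of zone $1 that match regex $2, one per line.
# Note: 'dns|53' also matches a "53" inside an address or a to-port,
# so prefer a pattern such as 'service name="dns"|port="53"' if that
# precision matters.
matching_rules() {
    "$FWCMD" --zone="$1" --list-rich-rules | grep -E -- "$2"
}

# Remove each matching rule from the permanent config of zone $1.
# The rule is passed as ONE argument inside double quotes, so the
# family="ipv4" quotes inside it survive and no literal ' is added
# (a literal '...' makes firewalld's lexer treat the whole rule as a
# single token, which is the INVALID_RULE error in the post).
# Stores and prints the number of rules removed; returns 1 on failure.
remove_matching_rules() {
    zone=$1; pattern=$2; removed_count=0
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        "$FWCMD" --zone="$zone" --permanent --remove-rich-rule="$rule" || return 1
        removed_count=$((removed_count + 1))
    done <<EOF
$(matching_rules "$zone" "$pattern")
EOF
    echo "$removed_count"
}

# Usage: ./remove-rich-rules.sh public 'service name="dns"|port="53"'
# followed by: firewall-cmd --reload   (to apply the permanent change)
if [ $# -eq 2 ]; then
    remove_matching_rules "$1" "$2"
fi
```

Because the rules are removed from the permanent configuration, the zone's runtime state only changes after a `firewall-cmd --reload`, which is what makes the role idempotent across runs.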
If you don’t get help here, you might try one of the firewalld mailing lists or other support resources here:
<https://firewalld.org/community.html>
I’m curious to hear what you discover. (This might be a bug that warrants a patch for the CentOS package.)
Hi Kenneth,
Thanks for the pointer. I’ll follow up with the firewalld ML and if anything surfaces will let you know.
Best, Patrick