firewalld went wrong, so I managed to fix it.

less than 1 minute read

Can I connect only with the rules described in drop? !!

While I was messing around, I started to refuse the connection unless it was the service, IP, or port set in the drop zone.

# firewall-cmd --get-active-zones
   sources: xx.xx.xx.xx/xx
   interfaces: ethx

What’s more, when public is default, –add-source = yy.yy.yy.yy/yy will add it to both drop and public, or remove it will remove it from both.

When I tried to return to the initial state by man firewalld, there was something that looked good.

firewall-cmd --permanent --load-zone-defaults=drop

When I did this, drop was no longer active and the settings were cleared.

Finally restored …
It worked as expected.