Add a New Predefined Zone
In addition to the default public predefined zone, the firewalld
service provides several other predefined zones for configuration. Configuration properties
for adding other predefined zones are easily configurable using the
Networking page in the Cockpit web console.
What Do You Need?
- The Cockpit web console must be installed and accessible.
For details, see these topics: Install and Enable Cockpit and Log in to the Cockpit Web Console.
- The
cockpit-networkmanager
package is installed. Typically, this package is installed by default. For package installation details, see Install and Manage Add-on Applications. - Administrator privileges.
Steps
Using the Cockpit web console, follow these steps to add other
firewalld
predefined zones to the host system.
- In the Networking page, find the Firewall panel and click
Edit rules and zones.
A Firewall page appears listing information for the current zone configurations.
- In the Firewall page, click Add new
zone.
The Add zone dialog appears.
- In the Add zone dialog, perform the following:
- Specify the following information:
Property Description Trust Level Select a predefined zone from the list. Upon selecting a predefined zone, the Description property and Service included property identify information about the selected predefined zone and the
firewalld
services included.Interfaces Assign host interfaces to the predefined zone. Select the names of the available interfaces from the host interface list. Note:
A host interface can't be assigned to more than one zone at a time.By default,
firewalld
pairs all interfaces with the public zone. Therefore, the public zone is the only active zone. A zone is only active if it has at least one interface or source assigned. Thefirewalld
service doesn't automatically pair sources (interface IP address ranges) to the public zone.Allowed addresses Choose to assign one of the following: - Entire subnet. Click subnet to allow firewall access to the entire subnet.
- Range. Click Range to enter a specific range of IP addresses that are allowed access through the firewall.
- Click Add.
The name of the newly added zone appears on the Firewall page.
- Specify the following information: