Add a New Predefined Zone

In addition to the default public predefined zone, the firewalld service provides several other predefined zones. You can add and configure these other predefined zones from the Networking page in the Cockpit web console.

What Do You Need?

Steps

Using the Cockpit web console, follow these steps to add other firewalld predefined zones to the host system.

  1. In the Networking page, find the Firewall panel and click Edit rules and zones.

    A Firewall page appears listing information for the current zone configurations.

  2. In the Firewall page, click Add new zone.

    The Add zone dialog appears.

  3. In the Add zone dialog, perform the following:
    1. Specify the following information:
      Property: Description

      Trust Level: Select a predefined zone from the list.

      Upon selecting a predefined zone, the Description and Service included properties show information about the selected predefined zone and the firewalld services it includes.

      Interfaces: Assign host interfaces to the predefined zone. Select the names of the available interfaces from the host interface list.

      Note:

      A host interface can't be assigned to more than one zone at a time.

      By default, firewalld pairs all interfaces with the public zone. Therefore, the public zone is the only active zone. A zone is only active if it has at least one interface or source assigned. The firewalld service doesn't automatically pair sources (interface IP address ranges) to the public zone.

      Allowed addresses: Choose one of the following:
      • Entire subnet. Click subnet to allow firewall access to the entire subnet.
      • Range. Click Range to enter a specific range of IP addresses that are allowed access through the firewall.
    2. Click Add.

      The name of the newly added zone appears on the Firewall page.
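After adding a zone, the interface and source bindings described in the note can be confirmed from a terminal. The following is an added example, not part of the original procedure: it parses text in the format printed by `firewall-cmd --get-active-zones` and reports which zone each interface and source landed in. The function names, the zone name internal, the interfaces eth0 and eth1, and the range 192.0.2.0/24 are assumptions made for illustration, and the sample output is constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper names). On a live host, feed the helpers with:
#   firewall-cmd --get-active-zones | zone_of_interface eth1

# Constructed sample: state after adding the "internal" zone with one
# interface and one allowed address range.
SAMPLE_ACTIVE_ZONES='public
  interfaces: eth0
internal
  interfaces: eth1
  sources: 192.0.2.0/24'

# zone_bindings: read active-zone text on stdin and print one
# "zone kind value" line per binding (kind is "interfaces" or "sources").
zone_bindings() {
    awk '
        # An unindented, non-empty line starts a new zone; keep only the name.
        NF && $0 !~ /^[ \t]/ { zone = $1; next }
        # Indented lines list what makes the zone active.
        $1 == "interfaces:" || $1 == "sources:" {
            kind = substr($1, 1, length($1) - 1)
            for (i = 2; i <= NF; i++) print zone, kind, $i
        }'
}

# zone_of_interface IFACE: print the zone the interface is bound to.
zone_of_interface() {
    zone_bindings | awk -v ifc="$1" '$2 == "interfaces" && $3 == ifc { print $1 }'
}

# sources_of_zone ZONE: print the address ranges allowed into the zone,
# so the range entered in the dialog can be compared with what was applied.
sources_of_zone() {
    zone_bindings | awk -v z="$1" '$1 == z && $2 == "sources" { print $3 }'
}

# duplicate_interfaces: print any interface listed under more than one zone.
# An interface can belong to only one zone, so this should print nothing.
duplicate_interfaces() {
    zone_bindings | awk '$2 == "interfaces" { if (seen[$3]++) print $3 }' | sort -u
}
```

A zone that is missing from the output has no interface or source assigned and is therefore not active.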