add domain name to firewalld source

Support for security such as Firewalls and securing linux
chamberchain
Posts: 1
Joined: 2015/06/25 00:59:43

add domain name to firewalld source

Post by chamberchain » 2015/06/25 01:05:49

I want to add my domain to my trusted zone, but seemingly firewall-cmd doesn't accept a domain name as a source. Could anyone help me please?
Hope you all can understand my English....

TrevorH
Site Admin
Posts: 33218
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: add domain name to firewalld source

Post by TrevorH » 2015/06/25 07:26:32

If you use iptables then that will accept the domain name, but it's pretty pointless, since what it does is look up the domain name at the time you run the iptables command, resolve it to an IP address and then use that IP address in the resulting rule. It does not track changes to the domain name entry, so if you update the DNS entry to point to a new IP address then the iptables rule will still point to the old one. The fact that firewall-cmd refuses to do that just means you don't get a false sense of it having worked as you think it might. Domain names are not supported in firewall rules - the DNS lookup for every packet would be too much of an overhead (and if used in a rule about DNS names would lead to a loop!).
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
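Since firewalld only takes IP addresses or CIDR ranges as zone sources, the usual workaround for the situation in this thread is to resolve the name yourself and re-run the reconciliation from cron or a systemd timer so the zone follows DNS changes instead of freezing the address at rule-creation time, as the iptables behaviour described above does. The script below is an added example and not part of this thread; it assumes firewalld's firewall-cmd and glibc's getent are installed, that the zone's sources are managed only by this script (anything not resolved from the name gets removed), and uses example.com as a placeholder hostname.

```shell
#!/bin/sh
# Reconcile a firewalld zone's sources with the current IPv4 records of a
# hostname. Run it periodically so the zone tracks DNS changes.
# Assumed: firewall-cmd (firewalld) and getent (glibc) are available.
set -eu

ZONE="${ZONE:-trusted}"   # zone to manage; override with ZONE=... if needed

# Resolve a hostname to its current IPv4 addresses, one per line, sorted.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Sources currently attached to the zone, one per line, sorted.
current_sources() {
    firewall-cmd --zone="$ZONE" --list-sources | tr ' ' '\n' | sed '/^$/d' | sort -u
}

# Pure reconciliation step: compare the current and wanted lists
# (newline-separated strings) and print "add X" / "remove Y" lines.
# It has no side effects, so it can be exercised without firewalld.
plan_changes() {
    current="$1"; wanted="$2"
    printf '%s\n' "$wanted" | sed '/^$/d' | while read -r ip; do
        printf '%s\n' "$current" | grep -qxF "$ip" || echo "add $ip"
    done
    printf '%s\n' "$current" | sed '/^$/d' | while read -r ip; do
        printf '%s\n' "$wanted" | grep -qxF "$ip" || echo "remove $ip"
    done
}

# Apply the planned changes permanently, then reload the runtime config.
apply_changes() {
    while read -r action ip; do
        case "$action" in
            add)    firewall-cmd --permanent --zone="$ZONE" --add-source="$ip" ;;
            remove) firewall-cmd --permanent --zone="$ZONE" --remove-source="$ip" ;;
        esac
    done
    firewall-cmd --reload
}

# Only reconcile when invoked with a hostname, e.g. ./zonesync.sh example.com
if [ "$#" -eq 1 ]; then
    wanted="$(resolve_ipv4 "$1")"
    # A failed lookup must not empty the zone: abort instead of removing everything.
    [ -n "$wanted" ] || { echo "no IPv4 records for $1, leaving zone unchanged" >&2; exit 1; }
    plan_changes "$(current_sources)" "$wanted" | apply_changes
fi
```

Note that the zone's sources are refreshed only as often as the script runs, so the address can still be stale for up to one interval after a DNS change.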
