firewalld breaks networking on Fedora34 if port ranges overlap #269
Labels: bug (This issue/PR relates to a bug), verified (This issue has been verified/reproduced by maintainer), waiting_on_contributor (Needs help. Feel free to engage to get things unblocked)
SUMMARY
Using ansible.posix.firewalld to open ports bypasses some of the checks that are done by firewall-cmd and can lead to configurations which break networking (rather than aborting early).

ISSUE TYPE
COMPONENT NAME
ansible.posix.firewalld
ANSIBLE VERSION
COLLECTION VERSION
v1.3.0
CONFIGURATION
None
OS / ENVIRONMENT
Fedora 34 (Workstation Edition)
STEPS TO REPRODUCE
test-playbook.yml
EXPECTED RESULTS
Expected output is to abort before adding the overlapping ports. Network expected to be working.
Example trying to add conflicting ports with firewall-cmd:
Expected contents of /etc/firewalld/zones/FedoraWorkstation.xml (output from running the above firewall-cmd commands). Note that port range 1000-1010/tcp is added, but 1002-1003/tcp is not.

ACTUAL RESULTS
Overlapping ports are added to the firewall zone. This causes networking to stop working:
Actual contents of /etc/firewalld/zones/FedoraWorkstation.xml. Note that both port ranges 1000-1010/tcp and 1002-1003/tcp are added.
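A pre-flight check for the condition described in this issue, added here as an example (it is not code from the issue or from the ansible.posix collection): it parses a firewalld zone file in the `<port port="..." protocol="..."/>` format and reports port ranges that overlap on the same protocol, so a playbook can fail before the module writes a conflicting zone. The sample zone XML is constructed to mirror the "actual results" above.

```python
# Added example: detect overlapping port ranges in a firewalld zone file
# before ansible.posix.firewalld is allowed to apply them.
import xml.etree.ElementTree as ET
from itertools import combinations

# Constructed sample mirroring the broken FedoraWorkstation.xml from the issue,
# plus a udp entry and a single port to show what does NOT count as an overlap.
SAMPLE_ZONE_XML = """<zone>
  <short>FedoraWorkstation</short>
  <port port="1000-1010" protocol="tcp"/>
  <port port="1002-1003" protocol="tcp"/>
  <port port="1002-1003" protocol="udp"/>
  <port port="8080" protocol="tcp"/>
</zone>
"""

def parse_port(spec):
    """Turn '1000-1010' or '8080' into an inclusive (low, high) tuple."""
    low, _, high = spec.partition("-")
    low = int(low)
    high = int(high) if high else low
    if not (0 < low <= high <= 65535):
        raise ValueError(f"invalid port spec {spec!r}")
    return low, high

def zone_ports(xml_text):
    """Return (protocol, low, high) for every <port> element in the zone."""
    root = ET.fromstring(xml_text)
    return [(p.get("protocol"), *parse_port(p.get("port")))
            for p in root.findall("port")]

def find_overlaps(ports):
    """Return pairs of entries that share a protocol and overlap in range."""
    overlaps = []
    for a, b in combinations(ports, 2):
        same_proto = a[0] == b[0]
        # Inclusive intervals overlap when each starts before the other ends.
        if same_proto and a[1] <= b[2] and b[1] <= a[2]:
            overlaps.append((a, b))
    return overlaps

def check_zone(xml_text):
    """Overlapping port pairs found in a zone file's XML text."""
    return find_overlaps(zone_ports(xml_text))

if __name__ == "__main__":
    for a, b in check_zone(SAMPLE_ZONE_XML):
        print(f"overlap: {a[1]}-{a[2]}/{a[0]} vs {b[1]}-{b[2]}/{b[0]}")
```

Run it against the zone file before the firewalld task (for example from a `command` task with `failed_when` on its output) to abort the play instead of ending up with a zone that breaks networking.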