I have the following rules:
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client http https ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
Everything works fine. Then I add the following direct rules:
ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT
ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT
ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 3306 -j ACCEPT
ipv4 filter OUTPUT 2 -j DROP
Using the following sample command:
firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT
Then I'm unable to use wget or connect to MySQL on port 3306.
I have already followed the same question and problem at "Block outgoing connections on RHEL7/CentOS7 with firewalld?" and still have the same problem.
The only difference is in the command, "--dport 80" versus "--dport=80", which I think are the same.
What am I doing wrong?