Bug
Resolution: Won't Do
Normal
rhel-9.2.0
Moderate
rhel-sst-networking-core
ssg_networking
Red Hat Enterprise Linux
x86_64
What were you trying to do that didn't work?
Trying to filter who has access to port 9100 as opened by the podman-quadlet unit file.

How reproducible:

Steps to reproduce:
- install a system with podman quadlet and firewalld
- ensure firewalld is using the public zone for the network interfaces
- copy the attached unit file into /etc/containers/systemd/
- reboot the system
- note that port 9100 is not filtered out by the firewall

Expected results:
Port 9100 would be filtered out by the firewall.

Actual results:
The DNAT occurs before firewalld's rule set and as a result port 9100 is open to the world.
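The exposure described above can be checked from the host's NAT table: a published port is reachable from every address the host answers on when its DNAT rule carries no destination-address (`-d`) match, whereas a port bound to a specific address gets a `-d` restriction. The script below is an added example, not part of the original report or of podman; it parses text in `iptables-save` format (the sample is constructed for this example, and the chain name CONTAINER-DNAT is a placeholder, not podman's own) and reports DNAT rules that apply to any destination address.

```python
import re
import sys

# Constructed sample in `iptables-save -t nat` format, written for this
# example and not captured from a real host. Rule 1 publishes 9100 on every
# host address; rule 2 publishes 9200 only on the loopback address.
SAMPLE_NAT = """\
*nat
:PREROUTING ACCEPT [0:0]
:CONTAINER-DNAT - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j CONTAINER-DNAT
-A CONTAINER-DNAT -p tcp -m tcp --dport 9100 -j DNAT --to-destination 10.88.0.2:9100
-A CONTAINER-DNAT -d 127.0.0.1/32 -p tcp -m tcp --dport 9200 -j DNAT --to-destination 10.88.0.3:9200
COMMIT
"""

DNAT_RE = re.compile(
    r"^-A\s+(?P<chain>\S+)\s+(?P<match>.*?)-j DNAT --to-destination (?P<dest>\S+)$"
)


def find_unrestricted_dnat(iptables_save_text):
    """Return (port, destination) for every DNAT rule without a -d match.

    Such a rule rewrites packets arriving on any host address, including
    the public interface, in PREROUTING, before firewalld's zone filtering
    for the host's own ports is consulted.
    """
    exposed = []
    for line in iptables_save_text.splitlines():
        m = DNAT_RE.match(line.strip())
        if not m:
            continue
        match_part = m.group("match")
        port_m = re.search(r"--dport (\d+)", match_part)
        port = int(port_m.group(1)) if port_m else None
        # Either spelling of the destination-address match counts as restricted.
        restricted = re.search(r"(^|\s)(-d|--destination)\s", match_part) is not None
        if not restricted:
            exposed.append((port, m.group("dest")))
    return exposed


if __name__ == "__main__":
    # Pipe `iptables-save -t nat` into the script on a real host; otherwise
    # the constructed sample is used.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_NAT
    for port, dest in find_unrestricted_dnat(text):
        print(f"port {port} is DNATed to {dest} for every destination address")
```

On the sample only port 9100 is reported; binding the publish rule to an address (as rule 2 does for 9200) is what makes the `-d` restriction appear.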