RHEL-26522

podman-quadlet loads NAT rules that bypass firewall restrictions

Details

    • Type: Bug
    • Resolution: Won't Do
    • Normal
    • Affects Version: rhel-9.2.0
    • Component: firewalld
    • Normal
    • sst_networking_core
    • ssg_networking
    • Product: Red Hat Enterprise Linux
    • Architecture: x86_64

    Description

      What were you trying to do that didn't work?

      Trying to filter who has access to port 9100 as opened by the podman-quadlet unit file.

      How reproducible:

      Steps to reproduce

      1. install a system with podman quadlet and firewalld
      2. ensure firewalld is using the public zone for the network interfaces
      3. copy the attached unit file into /etc/container/systemd/
      4. reboot system
      5. note port 9100 is not filtered out by the firewall

      Expected results

      port 9100 would be filtered out by the firewall

      Actual results

      the DNAT occurs before firewalld's rule set and as a result port 9100 is open to the world.
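As an added audit example (not part of the original report or of podman/firewalld), the script below parses `iptables-save -t nat` text for DNAT rules that publish container ports and reports the ones the firewalld zone never opened, which is exactly the gap the report describes: the DNAT in PREROUTING runs before the zone's filter rules, so such ports answer from outside. The rule text, chain name, container addresses and port list are constructed samples, not captures from the reporter's system.

```python
import re
from typing import List, Set, Tuple

PortSpec = Tuple[int, str]  # (port, proto)

# Constructed sample of `iptables-save -t nat` output on a host where a quadlet
# unit publishes 9100/tcp, 8080/tcp and 5353/udp. The chain name is a
# placeholder; the real chain name depends on the network backend in use.
SAMPLE_NAT_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j CONTAINER-HOSTPORT-DNAT
-A CONTAINER-HOSTPORT-DNAT -p tcp -m tcp --dport 9100 -j DNAT --to-destination 10.88.0.2:9100
-A CONTAINER-HOSTPORT-DNAT -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.88.0.3:80
-A CONTAINER-HOSTPORT-DNAT -p udp -m udp --dport 5353 -j DNAT --to-destination 10.88.0.3:5353
-A POSTROUTING -s 10.88.0.0/16 -j MASQUERADE
COMMIT
"""

# Constructed sample of `firewall-cmd --zone=public --list-ports` output:
# only 8080/tcp was deliberately opened in the zone.
SAMPLE_FIREWALLD_PORTS = "8080/tcp"

DNAT_RE = re.compile(r"-p (?P<proto>tcp|udp) .*--dport (?P<port>\d+) -j DNAT\b")


def dnat_published_ports(nat_rules: str) -> Set[PortSpec]:
    """Host ports that a DNAT rule redirects into a container (PREROUTING side)."""
    found: Set[PortSpec] = set()
    for line in nat_rules.splitlines():
        m = DNAT_RE.search(line)
        if m:
            found.add((int(m.group("port")), m.group("proto")))
    return found


def firewalld_allowed_ports(list_ports_output: str) -> Set[PortSpec]:
    """Parse 'PORT/PROTO' or 'LOW-HIGH/PROTO' tokens as printed by --list-ports."""
    allowed: Set[PortSpec] = set()
    for tok in list_ports_output.split():
        port_part, proto = tok.split("/")
        low, _, high = port_part.partition("-")
        for port in range(int(low), int(high or low) + 1):
            allowed.add((port, proto))
    return allowed


def unfiltered_published_ports(nat_rules: str, list_ports_output: str) -> List[PortSpec]:
    """Published ports with no matching zone allowance: reachable despite firewalld."""
    return sorted(dnat_published_ports(nat_rules) - firewalld_allowed_ports(list_ports_output))


if __name__ == "__main__":
    for port, proto in unfiltered_published_ports(SAMPLE_NAT_RULES, SAMPLE_FIREWALLD_PORTS):
        print(f"published {port}/{proto} is not opened in the firewalld zone")
```

The comparison only covers ports opened with `--add-port`; ports allowed through a firewalld service or rich rule are not checked here and would show up as findings.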

          People

            Eric Garver (egarver)
            Nandhika Palanisamy (rhn-support-npalanis)
            qe-baseos-daemons