Affected versions: RHEL 10.0, RHEL 10.1

Table of contents
  1. Problem Summary
  2. Symptoms
  3. Diagnostics
  4. Root Cause
  5. Primary Fix
  6. Verification
  7. Prevention
  8. Rollback
  9. Automation
  10. Command Reference
  11. Escalation
  12. Related Notes

Problem Summary

Rich rule exists but traffic is still blocked.

Symptoms

firewall-cmd lists the rule in a zone that is not bound to the interface.

Diagnostics

Review active zones using firewall-cmd --get-active-zones.
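
An added example (not from the original page): a POSIX shell check that lists rich rules sitting in zones that firewall-cmd --get-active-zones does not report as active. FWCMD and sample_fw are hypothetical names introduced here; sample_fw returns constructed output so the check runs offline.

```shell
#!/bin/sh
# Added example, not from the original page.
# FWCMD is a hypothetical override so the check can run against canned output.
FWCMD=${FWCMD:-firewall-cmd}

# Zone names from --get-active-zones: unindented lines, first field only,
# so any annotation printed after the zone name is ignored.
active_zones() {
    "$FWCMD" --get-active-zones | awk '/^[^[:space:]]/ { print $1 }'
}

# Print "zone: rule" for each rich rule in a zone that is not active,
# i.e. has no interface or source bound, so the rule never sees traffic.
misplaced_rich_rules() {
    active=$(active_zones)
    for zone in $("$FWCMD" --get-zones); do
        # Skip zones that are active; their rules are evaluated normally.
        printf '%s\n' "$active" | grep -qxF -- "$zone" && continue
        "$FWCMD" --zone="$zone" --list-rich-rules |
        while IFS= read -r rule; do
            if [ -n "$rule" ]; then printf '%s: %s\n' "$zone" "$rule"; fi
        done
    done
}

# Constructed sample output mirroring the case on this page: the interface
# is in "internal" but the rich rule was added to "public".
sample_fw() {
    case "$*" in
        --get-active-zones) printf 'internal\n  interfaces: eth0\n' ;;
        --get-zones) echo 'block dmz internal public trusted' ;;
        '--zone=public --list-rich-rules')
            echo 'rule family="ipv4" source address="192.0.2.0/24" port port="8443" protocol="tcp" accept' ;;
    esac
}

# Demo on the constructed data. On a real host, call misplaced_rich_rules
# directly so that FWCMD stays at its firewall-cmd default.
( FWCMD=sample_fw; misplaced_rich_rules )
```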

Root Cause

The rule was inserted into the public zone while the interface uses the internal zone.

Primary Fix

Move the rule to the active zone and persist it with --permanent.

Verification

Test connectivity and verify counters with nft list ruleset.

Prevention

Define an explicit zone mapping per interface in the baseline.

Rollback

Remove misplaced rich rules to avoid policy confusion.

Automation

Use infrastructure code to maintain zone/rule consistency.

Command Reference

firewall-cmd --zone= --add-rich-rule='rule …' --permanent

Escalation

Provide interface-zone map and expected traffic flow.

Related Notes

NetworkManager zone assignment can change after profile updates.
