I'm trying to remove some rich rules from firewall-cmd and it seems to work:
firewall-cmd --remove-rich-rule 'rule family="ipv4" source address="10.4.220.143/32" port protocol="tcp" port="13782" accept'
success
But after I reload the rules and check again, the rules are still there:
firewall-cmd --reload
success
# firewall-cmd --list-all
rule family="ipv4" source address="10.4.220.143/32" port port="13724" protocol="tcp" accept
What am I doing wrong?
I think you have to add a < --permanent > statement to make your change permanent after reloading your firewall config.
firewall-cmd --permanent --remove-rich-rule 'rule family="ipv4" source address="10.4.220.143/32" port protocol="tcp" port="13782" accept'
I created a firewalld rich rule using the command below to block only a specific port, TCP 443:
# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 port port="443" protocol="tcp" reject'
# firewall-cmd --reload
Listing Rich Rules:
# firewall-cmd --list-rich-rules
rule family="ipv4" port port="443" protocol="tcp" reject
# firewall-cmd --zone=public --list-all
success
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s3
sources:
services: dhcpv6-client ssh
ports: 22/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" port port="443" protocol="tcp" reject
Using the command below, I removed the firewalld rich rule:
# firewall-cmd --remove-rich-rule 'rule family="ipv4" port protocol="tcp" port="443" reject'
Remove the firewalld rich rule this way if it was created with the --permanent option:
# firewall-cmd --permanent --remove-rich-rule 'rule family="ipv4" port protocol="tcp" port="443" reject'
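
An added example, not part of any post above: a shell sketch that reports rich rules present in only one of firewalld's runtime and permanent configurations (the mismatch behind the question) and removes a rule from both, then verifies it is gone. The FWCMD and ZONE variables and both function names are assumptions of this example.

```shell
#!/bin/sh
# Added example. FWCMD and ZONE are overridable assumptions, not from the page.
FWCMD="${FWCMD:-firewall-cmd}"
ZONE="${ZONE:-public}"

# Print rich rules that exist in only one of the two configurations.
#   runtime-only:   active now, lost on the next --reload or reboot
#   permanent-only: not active now, comes (back) into force on --reload
# Returns 0 when both sets match, 1 when they differ.
rich_rule_drift() {
    rt=$(mktemp) && pm=$(mktemp) || return 2
    $FWCMD --zone="$ZONE" --list-rich-rules | sort -u > "$rt"
    $FWCMD --permanent --zone="$ZONE" --list-rich-rules | sort -u > "$pm"
    out=$(
        comm -23 "$rt" "$pm" | sed '/^$/d; s/^/runtime-only: /'
        comm -13 "$rt" "$pm" | sed '/^$/d; s/^/permanent-only: /'
    )
    rm -f "$rt" "$pm"
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Remove a rich rule from the runtime AND the permanent configuration,
# then query both to confirm that it is really gone.
remove_rich_rule_everywhere() {
    rule=$1
    $FWCMD --zone="$ZONE" --remove-rich-rule="$rule" >/dev/null
    $FWCMD --permanent --zone="$ZONE" --remove-rich-rule="$rule" >/dev/null
    if $FWCMD --zone="$ZONE" --query-rich-rule="$rule" >/dev/null ||
       $FWCMD --permanent --zone="$ZONE" --query-rich-rule="$rule" >/dev/null
    then
        echo "still present: $rule" >&2
        return 1
    fi
}

# Usage (as root, after sourcing this file):
#   rich_rule_drift
#   remove_rich_rule_everywhere 'rule family="ipv4" port port="443" protocol="tcp" reject'
```

A "permanent-only" line after a plain --remove-rich-rule is the situation in the question: the rule left the runtime set, and --reload loaded it again from the permanent configuration.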