I’m a longtime desktop Linux user but new to networking and am trying to learn more about firewalld and typical server use cases.
Firewalld has pretty extensive documentation, but I’m having trouble making sense of the “zone” concept. In the very first section of the documentation (link) they illustrate zones in a fairly intuitive way as representing, in essence, “sets” of systems, and each of the firewall rules you set up with firewalld governs traffic traveling from one zone (the ingress zone) to another zone (the egress zone). That all makes sense.
But elsewhere, I see the word “zone” applied to not sets of systems (nodes in the network), but rather to kinds of firewall rules (arcs in the network). For example, later on in the page linked above, it discusses the idea of an “implicit zone policy” where instead of defining ingress and egress zones for a given rule, you just pick a single zone, and now the policy applies to traffic moving from that zone to (and not from?) the host.
I guess I can wrap my head around the implicit zone thing (although if I am understanding it correctly, it really seems to me like a sloppy shorthand for a firewall rule whose egress zone is simply the zone consisting of the host alone), but then here in the documentation we find a list of “pre-defined zones” which don’t seem like zones in the “set of network nodes” sense at all. For example, one of the predefined zones is work:
For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
This sounds like an entire firewall policy to me, complete with its own rules about which connections will be accepted or rejected and assumptions about which computers are “trusted” (which begs the question of what “zone” those computers belong to).
Honestly, I’m quite confused by all of this and wondering if I’m missing something fundamental. Any clarification on the easiest way to think about firewalld’s “zone” concept and how to square it with the various uses of the term through the firewalld docs would be much appreciated.
Thank you!
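An added example, not from the original post and not firewalld's own code: a small Python model of the two uses of "zone" the question runs into. It parses constructed zone and policy definitions laid out like firewalld's XML files (the `firewalld.zone(5)` and `firewalld.policy(5)` formats); the interface names, source networks and service lists are assumptions chosen for the example. A zone is a set of nodes, the interfaces and source addresses bound to it; its service list is the implicit policy for traffic from that zone to the special egress zone `HOST`, which a policy file can also spell out explicitly; an incoming packet is assigned to a zone by source binding first, interface binding second, and the default zone last.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample zone files in the firewalld.zone(5) layout (the real ones live under
# /usr/lib/firewalld/zones/). The interface/source bindings are assumptions for this example.
ZONE_FILES = {
    "work": """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Work</short>
  <description>For use in work areas. Only selected incoming connections are accepted.</description>
  <interface name="eth0"/>
  <source address="10.1.0.0/16"/>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
</zone>
""",
    "external": """<?xml version="1.0" encoding="utf-8"?>
<zone target="default">
  <short>External</short>
  <interface name="eth1"/>
  <service name="ssh"/>
  <masquerade/>
</zone>
""",
}

# A constructed policy in the firewalld.policy(5) layout. HOST is firewalld's special
# egress zone meaning "the host itself" (ANY would mean "any zone").
WORK_TO_HOST_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<policy target="REJECT">
  <ingress-zone name="work"/>
  <egress-zone name="HOST"/>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
</policy>
"""


def parse_zone(name, xml_text):
    """A zone as a set of nodes: the interfaces and source networks bound to it,
    plus the services it accepts from them."""
    root = ET.fromstring(xml_text)
    return {
        "name": name,
        "interfaces": {e.get("name") for e in root.findall("interface")},
        "sources": {ipaddress.ip_network(e.get("address")) for e in root.findall("source")},
        "services": frozenset(e.get("name") for e in root.findall("service")),
    }


def parse_policy(xml_text):
    """A policy as an arc: (ingress zone, egress zone, accepted services)."""
    root = ET.fromstring(xml_text)
    ingress = root.find("ingress-zone").get("name")
    egress = root.find("egress-zone").get("name")
    return (ingress, egress, frozenset(e.get("name") for e in root.findall("service")))


def zone_as_policy(zone):
    """The implicit policy a zone's service list expresses: traffic from the zone to HOST."""
    return (zone["name"], "HOST", zone["services"])


def zone_for_packet(zones, src_ip, iface, default_zone="public"):
    """Assign an incoming packet to a zone in firewalld's order: a matching source
    binding wins over an interface binding; anything unmatched goes to the default zone."""
    addr = ipaddress.ip_address(src_ip)
    for z in zones.values():
        if any(addr in net for net in z["sources"]):
            return z["name"]
    for z in zones.values():
        if iface in z["interfaces"]:
            return z["name"]
    return default_zone


def incoming_allowed(zones, src_ip, iface, service, default_zone="public"):
    """Is a new incoming connection for `service` accepted? Only if the packet's zone lists it;
    a zone with no definition here (e.g. the default) accepts nothing in this model."""
    zone = zone_for_packet(zones, src_ip, iface, default_zone)
    return service in zones.get(zone, {"services": frozenset()})["services"]


ZONES = {name: parse_zone(name, text) for name, text in ZONE_FILES.items()}

if __name__ == "__main__":
    # The zone's service list and the explicit policy describe the same arc.
    print(zone_as_policy(ZONES["work"]) == parse_policy(WORK_TO_HOST_POLICY))
    # 10.1.2.3 arriving on eth1 is still "work": source bindings beat interface bindings.
    print(zone_for_packet(ZONES, "10.1.2.3", "eth1"))
    print(incoming_allowed(ZONES, "192.0.2.5", "eth1", "dhcpv6-client"))
```

The comparison in `zone_as_policy` is the point of the model: the "work" zone and the explicit `work -> HOST` policy reduce to the same tuple, so the "implicit zone policy" really is a policy whose egress zone is the host. `zone_for_packet` shows the other sense of the word: membership in a zone is decided per packet from its source address and interface, which is what makes a zone a set of network nodes.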