CentOS 7 firewalld remove direct rule
Eventually I found that the remove command only works one time, because the rules are recorded in direct.xml.
Thus, the solution is easy: edit direct.xml and comment out the corresponding lines, or just delete them.
After wrestling with a stubbornly persistent redirect rule, I realized through testing the following:
- iptables rules DB is transient
- firewall-cmd --permanent rules DB persists through reboots, rewriting iptables rules DB after reboot
- firewall-cmd --permanent --direct rules DB stored in /etc/firewalld/direct.xml persists despite firewall-cmd [--permanent] --direct --remove-rule unless DB file is removed
- firewall-cmd [--permanent] --direct --query-rule will lie about persistence of rules in /etc/firewalld/direct.xml
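
As an added example (not part of either answer above), this sketch reads the persisted direct rules from the file itself and removes one using the same fields that `--remove-rule` takes, rather than deleting the whole file. The sample XML is constructed, and the function names are hypothetical.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample of /etc/firewalld/direct.xml (not taken from the thread).
SAMPLE_DIRECT_XML = """<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule ipv="ipv4" table="nat" chain="PREROUTING" priority="0">-p tcp --dport 80 -j REDIRECT --to-ports 8080</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -j ACCEPT</rule>
</direct>
"""


def _key(rule):
    """Normalise a <rule> element into a comparable tuple."""
    return (rule.get("ipv"), rule.get("table"), rule.get("chain"),
            int(rule.get("priority", "0")), shlex.split(rule.text or ""))


def list_direct_rules(xml_text):
    """Return every persisted direct rule as (ipv, table, chain, priority, args)."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    return [_key(rule) for rule in root.findall("rule")]


def remove_direct_rule(xml_text, ipv, table, chain, priority, args):
    """Drop matching <rule> elements; return (new_xml, number_removed).

    The arguments mirror `firewall-cmd --direct --remove-rule`. The rule
    arguments are compared token by token, so spacing differences between
    the command line and the file do not hide a match.
    """
    root = ET.fromstring(xml_text.encode("utf-8"))
    wanted = (ipv, table, chain, int(priority), shlex.split(args))
    removed = 0
    for rule in list(root.findall("rule")):
        if _key(rule) == wanted:
            root.remove(rule)
            removed += 1
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    new_xml, count = remove_direct_rule(
        SAMPLE_DIRECT_XML, "ipv4", "nat", "PREROUTING", 0,
        "-p tcp --dport 80 -j REDIRECT --to-ports 8080")
    print(f"removed {count} rule(s); remaining: {list_direct_rules(new_xml)}")
```

On a real host, back up `/etc/firewalld/direct.xml` before writing the result, then run `firewall-cmd --reload` and list the file's rules again to confirm the redirect is gone.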