LinuxQuestions.org
Old 08-26-2016, 04:29 AM   #1
tonj
Member
 
Registered: Sep 2008
Posts: 383

Rep: Reputation: 24
centos 7 and firewalld


I've been using centos 6 and iptables for ages but this new firewalld thing in centos 7 has got me completely flummoxed. I've been trawling google but can't find a converter, I need to ask if someone here can convert the following iptables rules to firewalld.
Quote:
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i <interface> -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp -m udp --dport <port> -j ACCEPT
iptables -A OUTPUT -s xx.xx.xx.xx -j DROP
iptables --table nat --append POSTROUTING --out-interface <interface> -j MASQUERADE
iptables --append FORWARD --in-interface <interface> -j ACCEPT
iptables -A INPUT -i <interface> -j ACCEPT
iptables -A OUTPUT -o <interface> -j ACCEPT
iptables -t nat -A PREROUTING -i enp0s25 -p tcp --dport 80 -j DNAT --to xx.xx.xx.xx:<port>
iptables -t nat -A PREROUTING -i enp4s0 -p tcp --dport 80 -j REDIRECT --to-port <port>
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
These rules are from a script I used on my centos 6 machine. In time I will have to get to grips with firewalld but for now I need to get a centos 7 machine running without first doing weeks of study. I know I could use iptables on centos 7 but that defeats the object of upgrading. Thanks for any help.

Last edited by tonj; 08-26-2016 at 04:52 AM.
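
The firewalld equivalents of the rule set quoted above, as an added example that is not part of the original thread: a dry-run script that only prints `firewall-cmd` commands for review. The zone choices (public for the outward-facing interface, trusted for the inner one), the sample values in the final call, and firewalld 0.4 or later (needed for `--set-log-denied`) are assumptions.

```shell
#!/bin/sh
# Added example: dry-run translation of the quoted iptables script to firewall-cmd.
# Nothing is applied; the commands are printed so they can be reviewed first.

# Print one permanent firewall-cmd invocation.
fw() { printf 'firewall-cmd --permanent %s\n' "$*"; }

# translate_rules WAN_IF LAN_IF UDP_PORT BLOCK_SRC DNAT_ADDR DNAT_PORT REDIR_PORT
translate_rules() {
  wan=$1; lan=$2; udp=$3; src=$4; daddr=$5; dport=$6; rport=$7

  # -P INPUT DROP and the final "-A INPUT -j DROP":
  # anything the zone does not allow is dropped instead of rejected.
  fw --zone=public --set-target=DROP
  fw --zone=public --change-interface="$wan"

  # "-i lo -j ACCEPT" and "--state ESTABLISHED,RELATED -j ACCEPT" are
  # built into firewalld's base rules, so no command is needed for them.

  # -A INPUT -p udp -m udp --dport <port> -j ACCEPT
  fw --zone=public --add-port="$udp/udp"

  # -t nat -A POSTROUTING --out-interface <interface> -j MASQUERADE
  fw --zone=public --add-masquerade

  # INPUT and FORWARD "-j ACCEPT" for a whole interface:
  # bind that interface to the trusted zone (assumed mapping).
  fw --zone=trusted --change-interface="$lan"

  # -t nat -A PREROUTING ... --dport 80 -j DNAT --to <addr>:<port>
  fw --zone=public --add-forward-port="port=80:proto=tcp:toport=$dport:toaddr=$daddr"
  # -t nat -A PREROUTING ... --dport 80 -j REDIRECT --to-port <port>
  fw --zone=trusted --add-forward-port="port=80:proto=tcp:toport=$rport"

  # -A OUTPUT -s <addr> -j DROP: zones do not filter OUTPUT,
  # so this one has to be a direct (pass-through iptables) rule.
  fw --direct --add-rule ipv4 filter OUTPUT 0 -s "$src" -j DROP

  # -A INPUT -j LOG: log every packet that ends up denied.
  printf 'firewall-cmd --set-log-denied=all\n'
  printf 'firewall-cmd --reload\n'
}

# Constructed sample values (documentation addresses, arbitrary ports).
translate_rules enp0s25 enp4s0 1194 203.0.113.7 192.0.2.10 8080 3128
```

After checking the printed commands against `firewall-cmd --list-all-zones` on the target machine, they can be run as root one by one.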
 
Old 08-26-2016, 08:39 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,166

Rep: Reputation: 751
When I moved from CentOS 6 to 7 I just installed iptables and the iptables-services from repo, disabled firewalld and enabled iptables.

Personally I've not found any advantages of firewalld over iptables, certainly in a server situation.
 
Old 08-26-2016, 08:51 AM   #3
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,601

Rep: Reputation: 1241
There are no advantages in firewalld. Both iptables and firewalld use the kernel iptables.

Firewalld is a thing added to "make things easier"... but it is really only useful to hide the details of what is actually happening. firewalld provides an interface to the GUI... Things that are preprogrammed for the GUI are easy (but you don't learn what it is doing), and makes it more difficult to use for anything else.

Maybe handy for a new user only familiar with GUI operations.
 
Old 08-26-2016, 08:55 AM   #4
lazydog
Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 776
Blog Entries: 1

Rep: Reputation: 122
I agree with TenTenths. I did the same thing. You can follow this TUTORIAL
 
Old 08-26-2016, 12:02 PM   #5
tonj
Member
 
Registered: Sep 2008
Posts: 383

Original Poster
Rep: Reputation: 24
thanks for the responses here, I had a feeling I'd have to use iptables but wanted to hang on until the last minute - which is now.
 
Old 08-26-2016, 11:50 PM   #6
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 16,818

Rep: Reputation: 2408
how about reading the manual
https://access.redhat.com/documentat...h_systemd.html

cent is using the redhat docs ( why post the same thing twice )
 
  

