LinuxQuestions.org
Old 09-23-2016, 07:50 AM   #1
CoyoteKG
LQ Newbie
 
Registered: Sep 2016
Location: Serbia
Distribution: Centos 7
Posts: 3

iptables and firewalld


Hello,
I know there are a bunch of threads comparing iptables and firewalld, but this time I just have one question.

I'm following a guide for installing a SpamAssassin plugin, and it says:

Quote:
Add these rules to /etc/sysconfig/iptables in the INPUT chain and reload iptables:

### razor DCC pyzor ###
-A INPUT -p tcp --dport 2703 -j ACCEPT
-A INPUT -p udp --dport 24441 -j ACCEPT
-A INPUT -p udp -m udp --dport 1024:65535 --sport 6277 -j ACCEPT
###End of razor DCC pyzor ###

But I have installed firewalld on CentOS 7.

How do I add those rules to firewalld?

The first two I will add with

Code:
firewall-cmd --permanent --add-port=2703/tcp
firewall-cmd --permanent --add-port=24441/udp

But for the third one, I don't know how to "translate" it into a firewalld command.

If I understand correctly

-A = append
INPUT is chain
-p is protocol
--dport is destination port
--sport is source port

And this rule is:

Allow everyone coming from port 6277 to access every port in the range 1024:65535?
 
Old 10-02-2016, 11:37 PM   #2
sag47
Senior Member
 
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Ubuntu, PopOS, Raspbian
Posts: 1,899
Blog Entries: 36

It took me a while to find. I couldn't cobble together a service or rich rule but you can make use of direct rules in firewalld. See man firewall-cmd.

For example,

Code:
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p udp -m udp --dport 1024:65535 --sport 6277 -j ACCEPT
firewall-cmd --reload
firewall-cmd --permanent --direct --get-all-rules

You can also verify the rule did the right thing by viewing the current firewall state with iptables-save.
 
1 members found this post helpful.
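
The translation worked out in posts #1 and #2, as an added example that is not part of the original thread: a shell function that turns `-A CHAIN ...` lines into firewall-cmd commands, using `--add-port` for plain single-port ACCEPT rules and a direct rule for everything else. The names `iptables_to_firewalld` and `sample_rules` are hypothetical, and the function only prints commands.

```shell
#!/bin/sh
# Added example (not from the thread): print firewall-cmd equivalents for
# "-A CHAIN ..." lines in the /etc/sysconfig/iptables format. Nothing is run.

iptables_to_firewalld() {   # hypothetical name; reads rules on stdin
    while IFS= read -r line; do
        case "$line" in
            "-A "*) ;;        # rule line, handled below
            *) continue ;;    # comments, "*filter", ":INPUT ...", COMMIT, blanks
        esac
        set -f                # no glob expansion while word-splitting the rule
        set -- $line
        set +f
        chain=$2
        shift 2               # "$@" is now the rule body after "-A CHAIN"
        # Plain "-p tcp|udp --dport N -j ACCEPT" on INPUT maps to --add-port,
        # as the original poster did for the first two rules.
        if [ "$chain" = INPUT ] && [ $# -eq 6 ] && [ "$1" = -p ] &&
           [ "$3" = --dport ] && [ "$5" = -j ] && [ "$6" = ACCEPT ]; then
            case "$2:$4" in
                *:|*:*[!0-9]*) ;;   # empty, range or named port: direct rule
                tcp:*|udp:*)
                    printf '%s\n' "firewall-cmd --permanent --add-port=$4/$2"
                    continue ;;
            esac
        fi
        # Everything else (source-port matches, ranges, extra modules) is
        # passed through unchanged as a direct rule with priority 0.
        printf '%s\n' "firewall-cmd --permanent --direct --add-rule ipv4 filter $chain 0 $*"
    done
    printf '%s\n' "firewall-cmd --reload"
}

sample_rules() {              # constructed input: the rules quoted in post #1
    cat <<'EOF'
### razor DCC pyzor ###
-A INPUT -p tcp --dport 2703 -j ACCEPT
-A INPUT -p udp --dport 24441 -j ACCEPT
-A INPUT -p udp -m udp --dport 1024:65535 --sport 6277 -j ACCEPT
###End of razor DCC pyzor ###
EOF
}

sample_rules | iptables_to_firewalld
```

Review the printed commands before running them: the third rule matches on source port alone, which the sending host chooses.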
Old 10-07-2016, 12:43 PM   #3
CoyoteKG
LQ Newbie
 
Registered: Sep 2016
Location: Serbia
Distribution: Centos 7
Posts: 3

Original Poster
Hello and thanks,

Good to know, but a few days ago I migrated all rules from firewalld to iptables.
So for now I will continue to use iptables.

Thank you!
 
Old 10-07-2016, 10:03 PM   #4
sag47
Senior Member
 
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Ubuntu, PopOS, Raspbian
Posts: 1,899
Blog Entries: 36

Quote:
Originally Posted by CoyoteKG
Hello and thanks,

Good to know, but a few days ago I migrated all rules from firewalld to iptables.
So for now I will continue to use iptables.

Thank you!

I can't judge. I took some concepts from firewalld for iptables as well. https://github.com/samrocketman/home...iptables.rules and https://github.com/samrocketman/home...iptables.rules
 
  

