LinuxQuestions.org

LinuxQuestions.org > CentOS > CentOS 7 firewall questions iptables vs firewalld and corresponding messages
https://www.linuxquestions.org/questions/centos-111/centos-7-firewall-questions-iptables-vs-firewalld-and-corresponding-messages-4175671912/

Mckay101 03-24-2020 06:51 PM

CentOS 7 firewall questions iptables vs firewalld and corresponding messages
 
Hello and thank you for taking the time to read my questions. I've used Linux off and on over the years but never to any really serious level, but I can usually muddle my way through. That said, I do have some questions regarding iptables and firewalld.

1) First off, opinions on which to use? My understanding is that iptables would have to be separately set up for IPv6, whereas firewalld handles both at the same time. Is this right?

2) I am setting up a CentOS 7 VPS and had decided, based on my understanding posted in question 1, to switch to firewalld and ran into some prompts I wasn't sure I understood. To be sure I didn't blow up my server while trying to change firewalls over, I disabled the eth0 interface and access currently is via the console.

- When I run 'systemctl stop iptables' (yes, rules are flushed first) I get the message "unit iptables.service not loaded". Does this mean I never had a firewall up in the first place?

- When I try to disable iptables permanently with 'systemctl disable iptables', it tells me 'no such file or directory'.

Not sure if I need to worry about any of the iptables stuff mentioned above or not. This is still a very basic setup, so I proceeded to enable firewalld by first enabling it and then starting it. It seems to have worked but gave me a message I didn't understand: 'bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.'

I don't know if I do or don't need to pay attention to this, but since ip6tables was mentioned I wanted to be sure that I'm not setting up my firewall with a gaping hole in it for IPv6.

I know some / all of this is probably pretty basic to most of you and very much appreciate your input. Thank you,

frankbell 03-24-2020 07:44 PM

I'm not qualified to have an opinion, but there's a detailed comparison of the two at this link: https://www.unixmen.com/iptables-vs-firewalld/

ferrari 03-24-2020 08:46 PM

Quote:

- When I run 'systemctl stop iptables' (yes, rules are flushed first) I get the message "unit iptables.service not loaded". Does this mean I never had a firewall up in the first place?

- When I try to disable iptables permanently with 'systemctl disable iptables', it tells me 'no such file or directory'.
Yes, this reads like you haven't installed 'iptables-services' yet...
https://linuxize.com/post/how-to-ins...s-on-centos-7/

scasey 03-24-2020 09:15 PM

I just bit the bullet and “learned” firewalld. (Quotes because I’m having to look up everything, every time.)

It’s my understanding (and I could certainly be wrong) that firewalld is but a front end to firewall functions and iptables is just a different front end to that same functionality.
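Because both front ends end up programming the same kernel tables (scasey's point above), the thing to verify after ferrari's observation that iptables-services was never installed, and for the OP's IPv6 worry, is the ruleset the kernel actually holds for each address family, not which service is enabled. The script below is an added example, not code posted in the thread: it classifies an INPUT chain dump in the format printed by `iptables -S INPUT` / `ip6tables -S INPUT` as "closed" or "open". The three sample dumps are constructed; the first is modelled on the INPUT chain firewalld installs on a CentOS 7 host (ACCEPT policy, zone dispatch, final unconditional REJECT), and the exact rule list on a given host may differ.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies an INPUT chain dump in the
# format of `iptables -S INPUT` / `ip6tables -S INPUT`: one "-P INPUT <policy>"
# line followed by "-A INPUT ..." rules. The chain is "closed" when its policy
# is DROP or its last rule is an unconditional "-j REJECT" / "-j DROP";
# anything else leaves unmatched packets accepted, i.e. "open".
classify_input_chain() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" {
            # A rule whose first option is -j carries no match criteria,
            # so it catches every packet that reaches it.
            last_is_terminal = ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP"))
        }
        END {
            if (policy == "DROP" || last_is_terminal) print "closed"
            else print "open"
        }'
}

# Constructed sample, modelled on the ip6tables INPUT chain firewalld
# installs on CentOS 7: ACCEPT policy but an unconditional REJECT at the end.
FIREWALLD_V6_DUMP='-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited'

# Constructed sample: a host with no firewall service at all prints only the
# kernel default, an empty chain with ACCEPT policy.
EMPTY_V6_DUMP='-P INPUT ACCEPT'

# Constructed sample: a hand-written ip6tables ruleset that allows one port
# but never closes the chain, so everything else is still accepted.
HALF_DONE_V6_DUMP='-P INPUT ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT'

classify_dump() {
    printf '%s\n' "$1" | classify_input_chain
}

# Live check for a root shell on the host. Both families are dumped, because
# iptables and ip6tables are separate tables: a rule in one does nothing for
# the other. Tools that are not installed are skipped.
audit_host() {
    for tool in iptables ip6tables; do
        if command -v "$tool" >/dev/null 2>&1; then
            printf '%s INPUT: %s\n' "$tool" \
                "$("$tool" -S INPUT 2>/dev/null | classify_input_chain)"
        fi
    done
}

if [ "${1:-}" = "--live" ]; then
    audit_host
else
    printf 'firewalld v6 chain:   %s\n' "$(classify_dump "$FIREWALLD_V6_DUMP")"
    printf 'no-firewall v6 chain: %s\n' "$(classify_dump "$EMPTY_V6_DUMP")"
    printf 'half-done v6 chain:   %s\n' "$(classify_dump "$HALF_DONE_V6_DUMP")"
fi
```

Run it with `--live` as root on the VPS to see the verdict for both address families; if the v6 line says "open" while the v4 line says "closed", that is exactly the gap the OP is asking about. The kernel's br_netfilter message quoted in the thread concerns packets switched across a Linux bridge, not traffic addressed to the host itself, so on a VPS with a single eth0 it does not change what this INPUT chain check tells you.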

Mckay101 03-24-2020 10:23 PM

Thank you everyone! I've decided to continue with my firewalld setup and learn things that way. I appreciate all the input.

Mckay101 03-24-2020 10:25 PM

Quote:

Originally Posted by Mckay101 (Post 6104002)
... I proceeded to enable firewalld by first enabling it and then starting it. It seems to have worked but gave me a message I didn't understand: 'bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.'

I don't know if I do or don't need to pay attention to this, but since ip6tables was mentioned I wanted to be sure that I'm not setting up my firewall with a gaping hole in it for IPv6.

The only remaining thing I'm not sure of is this comment that came up when I enabled firewalld the first time. Any idea if it can be ignored or what exactly it means?

berndbausch 03-24-2020 10:32 PM

Quote:

Originally Posted by Mckay101 (Post 6104066)
The only remaining thing I'm not sure of is this comment that came up when I enabled firewalld the first time. Any idea if it can be ignored or what exactly it means?

Looks like a bug that won't be fixed because it's not worth it: https://bugzilla.redhat.com/show_bug.cgi?id=1457120.

Mckay101 03-24-2020 11:02 PM

Thank you for all your help.
