[SOLVED] CentOS 7 firewall questions iptables vs firewalld and corresponding messages
Hello and thank you for taking the time to read my questions. I've used Linux off and on over the years but never to any really serious level, but I can usually muddle my way through. That said, I do have some questions regarding iptables and firewalld.
1) First off, opinions on which to use? My understanding is that iptables would have to be separately set up for ipv6 whereas firewalld handles both at the same time. Is this right?
2) I am setting up a CentOS 7 VPS and had decided, based on my understandings posted in question 1, to switch to firewalld and ran into some prompts I wasn't sure I understood. To be sure I didn't blow up my server while trying to change firewalls over, I disabled the eth0 interface and access currently is via the console.
- When I run 'systemctl stop iptables' (yes, rules are flushed first) I get a message "unit iptables.service not loaded". Does this mean I never had a firewall up in the first place?
- When I try to disable iptables permanently with 'systemctl disable iptables' it tells me 'no such file or directory'.
Not sure if I need to worry about any of the iptables stuff mentioned above or not. This is still a very basic setup so I proceeded to enable firewalld by first enabling it and then starting it. It seems to have worked but gave me a message I didn't understand: 'bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.'
I don't know if I do or don't need to pay attention to this but since ip6tables was mentioned I wanted to be sure that I'm not setting up my firewall with a gaping hole in it for ipv6.
I know some / all of this is probably pretty basic to most of you and very much appreciate your input. Thank you,
- When I run 'systemctl stop iptables' (yes rules are flushed first) I get a message "unit iptables.service not loaded" Does this mean I never had a firewall up in the first place?
- When I try to disable iptables permanently with 'systemctl disable iptables' it tells me 'no such file or directory'
I just bit the bullet and “learned” firewalld. (Quotes because I’m having to look up everything, every time.)
It’s my understanding (and I could certainly be wrong) that firewalld is but a front end to firewall functions and iptables is just a different front end to that same functionality.
... I proceeded to enable firewalld by first enabling it and then starting it. It seems to have worked but gave me a message I didn't understand: 'bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.'
I don't know if I do or don't need to pay attention to this but since ip6tables was mentioned I wanted to be sure that I'm not setting up my firewall with a gaping hole in it for ipv6.
The only remaining thing I'm not sure of is this comment that came up when I enabled firewalld the first time. Any idea if it can be ignored or what exactly it means?