LinuxQuestions.org


abefroman 09-11-2019 02:14 PM

What would be the equivalent of this iptables command in firewalld?

Code:

/sbin/iptables -t nat -A OUTPUT -m owner ! --uid-owner proxy_user -d 169.254.169.254 -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:9090

ferrari 09-11-2019 06:51 PM

You may be best to use a firewalld direct rule to allow adding iptables rules with more fine-grained control...

Reference:
Code:

man firewalld.direct

Some examples:
http://wrightrocket.blogspot.com/201...firewalld.html
https://www.lisenet.com/2016/firewal...r-as-a-router/

wearenotallgurus 07-21-2020 11:21 AM

Just disable firewalld and yum install iptables if that's what you're comfy with.

vincix 07-21-2020 03:58 PM

Quote:

Originally Posted by wearenotallgurus (Post 6147711)
Just disable firewalld and yum install iptables if that's what you're comfy with.

And you actually had to create a user just to suggest something as stupid as that?

marliyev 07-23-2020 10:31 AM

Quote:

Originally Posted by abefroman (Post 6035761)
What would be the equivalent of this iptables command in firewalld?

Code:

/sbin/iptables -t nat -A OUTPUT -m owner ! --uid-owner proxy_user -d 169.254.169.254 -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:9090

Add this rule to firewall-cmd --direct [--add-rule | --passthrough]

TB0ne 07-23-2020 10:49 AM

Quote:

Originally Posted by marliyev (Post 6148498)
Add this rule to firewall-cmd --direct [--add-rule | --passthrough]

This thread is from LAST YEAR. Anyone finding this is advised to read the firewall-cmd documentation. Doing what's suggested here has consequences; from the firewall-cmd docs:
Code:

--direct --passthrough { ipv4 | ipv6 | eb } args
Pass a command through to the firewall. args can be all iptables, ip6tables and ebtables command line arguments.
This command is untracked, which means that firewalld is not able to provide information about this command later on, also not a listing of the untracked passthoughs.

Bolded for emphasis. Doing things with the firewall that don't give you information about their status is never a bright idea.
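
The tracked `--direct --add-rule` form of the rule from the original question, as an added example that is not part of any poster's message: a small shell helper that rewrites an `iptables -A` command line into the firewalld direct-rule syntax. The helper name `iptables_to_direct` and the priority value `0` are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): translate "iptables [-t table] -A chain args"
# into the tracked firewalld form:
#   firewall-cmd --permanent --direct --add-rule ipv4 <table> <chain> <priority> <args>
# iptables_to_direct is a hypothetical helper; priority 0 is an assumption.
iptables_to_direct() {
    _table=filter   # iptables uses the filter table when -t is absent
    _chain=""
    _rest=""
    # Drop the leading iptables binary name if one was given.
    case "$1" in */iptables|iptables) shift ;; esac
    while [ $# -gt 0 ]; do
        case "$1" in
            -t|--table|-A|--append)
                if [ $# -lt 2 ]; then
                    echo "error: $1 needs a value" >&2
                    return 1
                fi
                case "$1" in
                    -t|--table) _table=$2 ;;
                    *)          _chain=$2 ;;
                esac
                shift 2 ;;
            *)  _rest="$_rest $1"; shift ;;
        esac
    done
    # Only append-style rules map onto --add-rule; refuse anything else.
    if [ -z "$_chain" ]; then
        echo "error: only -A (append) rules can be translated" >&2
        return 1
    fi
    echo "firewall-cmd --permanent --direct --add-rule ipv4 $_table $_chain 0$_rest"
}

# The rule from the original question, passed through the helper:
iptables_to_direct /sbin/iptables -t nat -A OUTPUT -m owner ! --uid-owner proxy_user \
    -d 169.254.169.254 -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:9090

# On a firewalld host, run the printed command as root, then:
#   firewall-cmd --reload
#   firewall-cmd --direct --get-all-rules   # the rule is listed here; a --passthrough is not
```

Because the rule is added with `--add-rule` rather than `--passthrough`, firewalld keeps track of it and can list or remove it later.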

marliyev 07-23-2020 10:59 AM

Quote:

Originally Posted by TB0ne (Post 6148513)
This thread is from LAST YEAR. Anyone finding this is advised to read the firewall-cmd documentation. Doing what's suggested here has consequences; from the firewall-cmd docs:
Code:

--direct --passthrough { ipv4 | ipv6 | eb } args
Pass a command through to the firewall. args can be all iptables, ip6tables and ebtables command line arguments.
This command is untracked, which means that firewalld is not able to provide information about this command later on, also not a listing of the untracked passthoughs.

Bolded for emphasis. Doing things with the firewall that don't give you information about their status is never a bright idea.

are you following me? I want to comment on this post, what do you care?

TB0ne 07-23-2020 12:11 PM

Quote:

Originally Posted by marliyev (Post 6148522)
are you following me? I want to comment on this post, what do you care?

Giving people bad advice (especially about system security) isn't good. Again, anyone coming across this (like your other threads) may take this bad advice, which is why I advised against it.

marliyev 07-23-2020 12:18 PM

Quote:

Originally Posted by TB0ne (Post 6148547)
Giving people bad advice (especially about system security) isn't good. Again, anyone coming across this (like your other threads) may take this bad advice, which is why I advised against it. Taking system security advice from someone who was unable to run a shell-script doesn't seem like a good idea.

haha)) bad advice... you can't resolve my thread so I advise you to delete your account and begin to use Photoshop))) u r fake Guru here, your place is internet cafe))) if you are man, delete your account and leave this forum, u r not guru, u r loser))

TB0ne 07-23-2020 01:21 PM

Quote:

Originally Posted by marliyev (Post 6148549)
haha)) bad advice... you can't resolve my thread so I advise you to delete your account and begin to use Photoshop))) u r fake Guru here, your place is internet cafe))) if you are man, delete your account and leave this forum, u r not guru, u r loser))

No one can resolve any of your issues, apparently, according to you. Mainly because you cannot form a clear question or provide details, and keep contradicting yourself. And you keep ignoring the LQ Forum rules. Reported, yet again...the moderators will deal with you.

marliyev 07-23-2020 01:22 PM

Quote:

Originally Posted by TB0ne (Post 6148568)
No one can resolve any of your issues, apparently, according to you. Mainly because you cannot form a clear question or provide details, and keep contradicting yourself. And you keep ignoring the LQ Forum rules. Reported, yet again...the moderators will deal with you.

reported

jeremy 07-23-2020 02:06 PM

vincix, this kind of behavior isn't tolerated at LQ.
marliyev, please stay on topic and constructive.

--jeremy


All times are GMT -5.