On 5/22/2016 9:45 PM, Eero Volotinen wrote:
> Firewalld is preferred way. You should learn it..

Are there any good tools for converting an iptables-save file to a Firewalld configuration?
The closest thing I could find to an iptables to firewalld conversion tool was Offline Configuration. The firewall-offline-cmd command was created to help set up firewall rules when Firewalld is not running.

For instance, to open the tcp port 22, you would type in the /etc/sysconfig/iptables file:

    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

Instead, you can now execute the following command:

    # firewall-offline-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

It's not that convenient for a rule-set of 250 lines, but with a little creative copying/pasting between the iptables rules and the "firewall-offline-cmd --direct --add-rule ipv4 filter" and "firewall-offline-cmd --direct --add-rule ipv4 nat" statements, I suppose a decent conversion can be completed.

Of course, you'd still need to apply rules to the correct zones, which I'm still trying to digest.

On Mon, May 23, 2016 at 3:24 PM, Kenneth Porter <shiva at sewingwitch.com> wrote:
> On 5/22/2016 9:45 PM, Eero Volotinen wrote:
>> Firewalld is preferred way. You should learn it..
>
> Are there any good tools for converting an iptables-save file to a Firewalld configuration?
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
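The copy/paste conversion described in the message above, written out as an added example (not code from the thread or from the firewalld project): a POSIX sh function that reads an iptables-save dump and prints the matching firewall-offline-cmd --direct commands so they can be reviewed before anything is applied. It assumes IPv4 rules only, re-joins rule text with single spaces, and flags builtin-chain policies rather than converting them, since a direct rule cannot set a chain policy; direct rules also bypass firewalld's zones, so the output is a starting point, not a zone-aware configuration.

```shell
#!/bin/sh
# Added example, not code from the thread: print firewall-offline-cmd --direct
# commands for an iptables-save dump (IPv4 only) so they can be reviewed first.
iptables_to_offline_cmd() {
    table="" ; prio=0
    set -f                          # no globbing while splitting rule text ([0:0])
    while IFS= read -r line; do
        case "$line" in
            '#'*|''|COMMIT) ;;      # comments, blanks, table terminators
            '*'*) table="${line#?}" ; prio=0 ;;   # "*filter" / "*nat": new table
            ':'*)                   # ":CHAIN POLICY [pkts:bytes]"
                set -- $line
                chain="${1#:}"
                case "$2" in
                    -) echo "firewall-offline-cmd --direct --add-chain ipv4 $table $chain" ;;
                    ACCEPT) ;;      # kernel default policy, nothing to emit
                    *) echo "# NOTE: policy $2 on $table/$chain is not expressible as a direct rule" ;;
                esac ;;
            '-A '*)                 # "-A CHAIN <match and target args>"
                set -- $line
                chain="$2" ; shift 2
                prio=$((prio + 1))  # rising priority preserves the original rule order
                echo "firewall-offline-cmd --direct --add-rule ipv4 $table $chain $prio $*" ;;
            *) echo "# SKIPPED: $line" ;;
        esac
    done
    set +f
}

# Constructed sample in iptables-save format, not a real host's ruleset.
SAMPLE_IPTABLES=$(cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SSH_LIMIT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j SSH_LIMIT
-A SSH_LIMIT -m limit --limit 3/min -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
)

convert_sample() { printf '%s\n' "$SAMPLE_IPTABLES" | iptables_to_offline_cmd; }
convert_sample
```

Pipe a real dump in with `iptables-save | iptables_to_offline_cmd > review.sh` and read the NOTE lines first; the dropped policies are exactly the part a direct-only conversion silently loses.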
well, no. it's a bit of a different animal..

Eero

2016-05-23 22:24 GMT+03:00 Kenneth Porter <shiva at sewingwitch.com>:
> On 5/22/2016 9:45 PM, Eero Volotinen wrote:
>> Firewalld is preferred way. You should learn it..
>
> Are there any good tools for converting an iptables-save file to a Firewalld configuration?
On 23 May 2016 21:03, "Mike" <1100100 at gmail.com> wrote:
> The closest thing I could find to an iptables to firewalld conversion tool was Offline Configuration.
> The firewall-offline-cmd command was created to help set up firewall rules when Firewalld is not running.
>
> For instance, to open the tcp port 22, you would type in the /etc/sysconfig/iptables file:
>
>     -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
>
> Instead, you can now execute the following command:
>
>     # firewall-offline-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
>
> It's not that convenient for a rule-set of 250 lines, but with a little creative copying/pasting between the iptables rules and the "firewall-offline-cmd --direct --add-rule ipv4 filter" and "firewall-offline-cmd --direct --add-rule ipv4 nat" statements, I suppose a decent conversion can be completed.
>
> Of course, you'd still need to apply rules to the correct zones, which I'm still trying to digest.

Using DIRECT bypasses all the zone and service stuff. Frankly, if you're going to DIRECT everything, then you really are better off masking (and removing) firewalld and installing iptables-service and just using the old traditional way.