On 23 May 2016 21:03, "Mike" 1100100@gmail.com wrote:
The closest thing I could find to an iptables to firewalld conversion tool was Offline Configuration. The firewall-offline-cmd command was created to help set up firewall rules when Firewalld is not running.
For instance, to open the tcp port 22, you would type in the /etc/sysconfig/iptables file:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
Instead, you can now execute the following command:
# firewall-offline-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
It's not that convenient for a rule-set of 250 lines, but with a little creative copying/pasting between the iptables rules and the "firewall-offline-cmd --direct --add-rule ipv4 filter" and "firewall-offline-cmd --direct --add-rule ipv4 nat" statements, I suppose a decent conversion can be completed.
Of course, you'd still need to apply rules to the correct zones which I'm still trying to digest.
Using DIRECT bypasses all the zone and service stuff.
Frankly, if you're going to DIRECT everything then you really are better off masking (and removing) firewalld and installing iptables-service and just using the old traditional way.
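The copy/paste conversion Mike describes can be mechanised for review. This is an added example, not a script from the thread or from the firewalld project: it reads an iptables-save style file (assumed to contain *filter / *nat table headers and -A lines), prints the equivalent "firewall-offline-cmd --direct --add-rule" commands with a fixed priority of 0 as in the message above, and applies nothing, so the output can be checked against the intended zones before any of it is run.

```shell
#!/bin/sh
# Added example: print firewall-offline-cmd --direct equivalents for
# iptables-save formatted rules. Only prints; nothing is applied.
# Caveat from the thread: direct rules bypass zones and services.

convert_rules() {
    # $1: path to an iptables-save formatted file
    awk '
        /^\*/     { table = substr($0, 2); next }   # "*filter" -> filter
        /^COMMIT/ { table = ""; next }
        /^-A /    {                                  # "-A CHAIN <match...> -j TARGET"
            chain = $2
            rule = ""
            for (i = 3; i <= NF; i++) rule = rule (i > 3 ? " " : "") $i
            printf "firewall-offline-cmd --direct --add-rule ipv4 %s %s 0 %s\n", \
                   table, chain, rule
        }
    ' "$1"
}

# Constructed sample input (not a real rule-set), in iptables-save format.
SAMPLE_RULES=$(mktemp)
cat > "$SAMPLE_RULES" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF

convert_rules "$SAMPLE_RULES"
```

Chain policy lines (":INPUT DROP") are deliberately skipped, since the direct interface has no equivalent and a default policy belongs in a zone's target instead.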