On Thu, 25 Oct 2018, Valeri Galtsev wrote:
Thanks, Warren, for the nice quick start covering everything one needs to configure firewalld. There is one thing I am related to "direct iptables manipulation" which is: suppose I made configuration of some machine, which then I am going to replicate just by using kickstart when building new machines. What should I add to kickstart configuration file to make my configured firewalld part reproduced on all newly built machines?
We stopped using kickstart and switched to Ansible, but the process is basically the same. Simply copy the appropriate files in /etc/firewalld. For me that means the files in the zones directory and in the services directory.
Any changes you have made to the default configurations will be stored under /etc/firewalld. If the directories are empty, then you are running defaults.
Because we run configuration management, I mostly just edit the files with an editor. The format is generally very simple to understand. The defaults are stored in /usr/lib/firewalld/. You can use the files there as examples by copying them to the correct directory in /etc/firewalld and making the necessary modifications. Don't forget to reload firewalld after any changes.
Regards,
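
One way to see which files actually need replicating before copying them, as an added example that is not part of the original message. The helper names `classify_firewalld` and `stage_firewalld` are hypothetical, and the script assumes the definitions are `*.xml` files under the `zones` and `services` directories named above.

```shell
#!/bin/sh
# Added example (not from the original thread).
# classify_firewalld ETC_DIR LIB_DIR
#   ETC_DIR: local configuration root (normally /etc/firewalld)
#   LIB_DIR: shipped defaults root   (normally /usr/lib/firewalld)
# Prints one line per local file, "<status> <kind>/<name>":
#   custom    no default of that name exists (locally created definition)
#   override  a default exists and the local copy differs from it
#   same      a default exists and the local copy is byte-identical
classify_firewalld() {
    etc_dir=$1; lib_dir=$2
    for kind in zones services; do
        for f in "$etc_dir/$kind"/*.xml; do
            [ -f "$f" ] || continue   # nothing matched: running defaults
            name=${f##*/}
            if [ ! -f "$lib_dir/$kind/$name" ]; then
                echo "custom $kind/$name"
            elif cmp -s "$f" "$lib_dir/$kind/$name"; then
                echo "same $kind/$name"
            else
                echo "override $kind/$name"
            fi
        done
    done
}

# stage_firewalld ETC_DIR DEST_DIR
#   Copies only the zones/ and services/ XML files into DEST_DIR, keeping
#   mode and timestamps, so DEST_DIR can be shipped from a kickstart %post
#   section or a configuration management tool.
stage_firewalld() {
    etc_dir=$1; dest=$2
    for kind in zones services; do
        mkdir -p "$dest/$kind" || return 1
        for f in "$etc_dir/$kind"/*.xml; do
            [ -f "$f" ] || continue
            cp -p "$f" "$dest/$kind/" || return 1
        done
    done
}

# Typical use on the configured machine:
#   classify_firewalld /etc/firewalld /usr/lib/firewalld
#   stage_firewalld /etc/firewalld ./firewalld-files
# On the new machine, after the staged files are in /etc/firewalld:
#   firewall-cmd --reload
```

Reviewing the `override` and `custom` lines before replicating shows exactly which rules differ from the distribution defaults on every machine built from the copy.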