The closest thing I could find to an iptables to firewalld conversion tool was Offline Configuration. The firewall-offline-cmd command was created to help set up firewall rules when Firewalld is not running.
For instance, to open the tcp port 22, you would type in the /etc/sysconfig/iptables file:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
Instead, you can now execute the following command:
# firewall-offline-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
It's not that convenient for a rule-set of 250 lines, but with a little creative copying/pasting between the iptables rules and the "firewall-offline-cmd --direct --add-rule ipv4 filter" and "firewall-offline-cmd --direct --add-rule ipv4 nat" statements, I suppose a decent conversion can be completed.
Of course, you'd still need to apply rules to the correct zones which I'm still trying to digest.
On Mon, May 23, 2016 at 3:24 PM, Kenneth Porter <shiva@sewingwitch.com> wrote:
> On 5/22/2016 9:45 PM, Eero Volotinen wrote:
>> Firewalld is the preferred way. You should learn it.
> Are there any good tools for converting an iptables-save file to a Firewalld configuration?
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
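The copy/paste conversion described in the reply above can be scripted. The following is an added example, not code from the thread or from the firewalld project: a hypothetical helper, ipt2direct, that reads iptables-save text and prints the matching firewall-offline-cmd --direct commands. It assumes user-defined chains should be created with --direct --add-chain, and it numbers priorities per chain instead of using 0 everywhere, because firewalld does not guarantee the order of direct rules that share a priority.

```shell
#!/bin/sh
# Added example, not from the original thread.
# ipt2direct [ipv4|ipv6] : iptables-save text on stdin, commands on stdout.
ipt2direct() {
    awk -v fam="${1:-ipv4}" '
    { sub(/^\[[0-9]+:[0-9]+\][ \t]*/, "") }      # drop "iptables-save -c" counters
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    /^\*/     { table = substr($1, 2); next }    # "*filter", "*nat", ...
    /^COMMIT/ { table = ""; next }
    /^:/ {
        # ":CHAIN POLICY [pkts:bytes]"; user-defined chains have policy "-"
        # and must exist before any rule can jump to them.
        if ($2 == "-")
            printf "firewall-offline-cmd --direct --add-chain %s %s %s\n",
                   fam, table, substr($1, 2)
        else if ($2 != "ACCEPT")                 # e.g. ":INPUT DROP" is not converted
            print "note: policy " $2 " on " $1 " needs manual handling" > "/dev/stderr"
        next
    }
    $1 == "-A" && table != "" {
        chain = $2
        rest = $0
        sub(/^-A[ \t]+[^ \t]+[ \t]+/, "", rest)  # keep only the match/target part
        # Rules sharing a priority have no guaranteed order, so number them
        # per table/chain to keep the order iptables evaluated them in.
        printf "firewall-offline-cmd --direct --add-rule %s %s %s %d %s\n",
               fam, table, chain, prio[table, chain]++, rest
        next
    }
    { print "skipped: " $0 > "/dev/stderr" }
    '
}

# Constructed sample input (not a real rule-set).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:SSHGUARD - [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
[5:300] -A INPUT -j SSHGUARD
-A SSHGUARD -j RETURN
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

sample_rules | ipt2direct
```

Read the generated commands before running them: a DROP or REJECT policy on a built-in chain is only reported on stderr, so a rule-set that relied on one ends up more permissive unless an explicit final rule is added.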