Being a fan of IPtables and dreading the eventual transition to Centos 7, I wondered if in C7's firewalld an interface can be assigned to a single zone or to multiple zones such as 'private' and 'trusted'.
For example interface em1 having both trusted and public zones assigned to it. If multiple zones per interface are permitted presumably one can segregate traffic by IP range?
On 25/10/14 1:42 AM, Always Learning wrote:
Being a fan of IPtables and dreading the eventual transition to Centos 7, I wondered if in C7's firewalld an interface can be assigned to a single zone or to multiple zones such as 'private' and 'trusted'.
You can still use iptables with Centos7, if you want... (AFAIK both firewalld & iptables use the same kernel functions)
To stop and disable firewalld
systemctl stop firewalld
systemctl mask firewalld
To install iptables:
yum install iptables-services
Enable and start iptables
systemctl enable iptables
systemctl start iptables
For IPv6: systemctl enable ip6tables
For example interface em1 having both trusted and public zones assigned to it. If multiple zones per interface are permitted presumably one can segregate traffic by IP range?
Vijay Rajah wrote:
You can still use iptables with Centos7, if you want... (AFAIK both firewalld & iptables use the same kernel functions)
As a matter of interest, how does firewalld compare with shorewall? They look rather similar.
I am running CentOS-7 on a home server, with shorewall. I was not aware until I read this thread that firewalld was installed, but I find now that it is running. I'm rather surprised there have been no conflicts with shorewall. Maybe one over-rules the other?
(I notice it is installed but not running on my Fedora-20 laptop.)
On 25-10-2014 09:40, Timothy Murphy wrote:
Vijay Rajah wrote:
You can still use iptables with Centos7, if you want... (AFAIK both firewalld & iptables use the same kernel functions)
Yes.. both are just frontends for iptables with profile presets, no more than that.
As a matter of interest, how does firewalld compare with shorewall? They look rather similar.
Pretty much the same idea, but firewalld should be more evolved in terms of user friendliness. It even has a GUI if you want.
firewalld also has other abilities, like allowing changing just the runtime configuration, or just the persistent one..
Yet, if you are an advanced shorewall/iptables user, you may struggle to do the same on firewalld without resorting to its --direct commands.
I am running CentOS-7 on a home server, with shorewall. I was not aware until I read this thread that firewalld was installed, but I find now that it is running. I'm rather surprised there have been no conflicts with shorewall. Maybe one over-rules the other?
(I notice it is installed but not running on my Fedora-20 laptop.)
Probably your shorewall is just starting later than firewalld and is overwriting firewalld's rules.
Marcelo
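The two practical points in this thread are that firewalld, iptables-services and shorewall all program the same kernel netfilter tables, and that whichever manager starts last wins (the reason Timothy sees no visible conflict). The following check is an added example written for this thread, not code from any of the posters or from the firewalld, iptables-services or shorewall projects. It reads a `systemctl list-unit-files` style listing and fails unless exactly one firewall manager is enabled; the unit listings embedded in it are constructed samples, and the live invocation at the bottom is left as a comment.

```shell
#!/bin/sh
# Added example (not from the thread): verify that exactly one firewall manager
# (firewalld, iptables-services or shorewall) is enabled on a CentOS 7 host.
# All of them write to the same netfilter tables, so a second enabled manager
# silently replaces the rules of the one that started earlier.

# Constructed sample in the shape of `systemctl list-unit-files --type=service
# --no-legend` output: the conflicting state described at the end of the thread.
SAMPLE_UNITS='firewalld.service   enabled
iptables.service    disabled
ip6tables.service   disabled
shorewall.service   enabled
sshd.service        enabled'

# Constructed sample of the intended state after the iptables instructions above:
# firewalld masked, iptables and ip6tables enabled.
SAMPLE_UNITS_OK='firewalld.service   masked
iptables.service    enabled
ip6tables.service   enabled
sshd.service        enabled'

# enabled_managers: read a unit listing on stdin and print the firewall manager
# units whose state is "enabled", one per line. A masked unit is not enabled.
enabled_managers() {
    awk '$1 ~ /^(firewalld|iptables|ip6tables|shorewall|shorewall6)\.service$/ && $2 == "enabled" { print $1 }'
}

# count_managers: number of distinct managers enabled on stdin. ip6tables ships
# with iptables-services and shorewall6 with shorewall, so each pair counts once.
count_managers() {
    enabled_managers \
        | sed -e 's/^ip6tables/iptables/' -e 's/^shorewall6/shorewall/' \
        | sort -u | wc -l | tr -d ' '
}

# check_firewall_managers LISTING: return 0 when exactly one manager is enabled,
# 1 otherwise, and report the units involved.
check_firewall_managers() {
    n=$(printf '%s\n' "$1" | count_managers)
    case "$n" in
        0) echo "no firewall manager enabled: host would boot without filtering"; return 1 ;;
        1) echo "ok: one firewall manager enabled ($(printf '%s\n' "$1" | enabled_managers | tr '\n' ' '))"; return 0 ;;
        *) echo "conflict: $n firewall managers enabled:"; printf '%s\n' "$1" | enabled_managers; return 1 ;;
    esac
}

# Live use on a systemd host:
#   check_firewall_managers "$(systemctl list-unit-files --type=service --no-legend)"
check_firewall_managers "$SAMPLE_UNITS" || echo "(exit status $?)"
check_firewall_managers "$SAMPLE_UNITS_OK" || echo "(exit status $?)"
```

Run it from a configuration-management or monitoring job and alert on a non-zero exit: the interesting finding is not which manager is active but that two of them are, because the losing ruleset is then never what a `firewall-cmd` or `shorewall show` inspection suggests.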