[CentOS] CentOS 7 : Systemd alternatives ?

Tue Jul 8 12:35:16 UTC 2014
David Both <dboth at millennium-technology.com>

I still prefer IPTables, so in Fedora I simply disabled firewalld and enabled 
IPTables. No need to uninstall. I have read that IPTables will continue to be 
available alongside firewalld for the unspecified future.

Note that IPTables rule syntax and structure have evolved so your ruleset may 
need to be updated. I did find that the current version of IPTables will 
actually convert old rulesets on the fly, at least as far as the syntax of the 
individual rules is concerned. From there you can simply use iptables-save to 
save the converted ruleset.

One of the items on my todo list is to learn firewalld. The switch from ipchains 
took a bit of learning and I expect this switch will as well.

One of the stated reasons for firewalld is that dynamic rule changes do not 
clear the old rules before loading the new ones, to paraphrase, "where IPTables 
does." If true, that would leave a very small amount of time in which the host 
would be vulnerable. I have no desire to peruse the source code to determine the 
veracity of that statement, so if there is someone here who could verify that 
changing the rules in IPTables, whether using the iptables command or the 
iptables-restore command, I would be very appreciative. No need to go to any 
trouble to locate that answer as I am merely curious.

Thanks!


On 07/08/2014 08:00 AM, Dennis Jacobfeuerborn wrote:
> On 08.07.2014 09:12, Ljubomir Ljubojevic wrote:
>> On 07/08/2014 03:41 AM, Always Learning wrote:
>>> On Mon, 2014-07-07 at 21:34 -0400, Scott Robbins wrote:
>>>
>>>> No systemd in FreeBSD.  It isn't Linux, and like any O/S, has its own
>>>> oddities.
>>>>
>>>> It would take more adjustment, IMHO, to go from CentOS 6.x to FreeBSD than
>>>> to go to 7.x.  (I'm saying this as someone who uses both FreeBSD and
>>>> Fedora which has given a hint of what we'll see in CentOS 7.)
>>> Thanks. I've deployed C 5.10 and C 6.5. Thought I'll play with C 7.
>>>
>>> I notice, from http://wiki.centos.org/Manuals/ReleaseNotes/CentOS7, the
>>> apparent replacement of IPtables by firewalld
>>>
>>> https://fedoraproject.org/wiki/FirewallD
>>>
>>>
>> Check "Static_Firewall" Chapter:
>> https://fedoraproject.org/wiki/FirewallD#Static_Firewall_.28system-config-firewall.2Flokkit.29
>>
>> and one below it. You can have iptables rules and also rules from
>> system-config-firewall
>>
> If you want to avoid firewalld for now you can uninstall it and instead
> install the iptables-services package. This replaces the old init
> scripts and provides an "iptables" systemd unit file that starts and
> stops iptables and if you require the old "service iptables save"
> command you can reach that using "/usr/libexec/iptables/iptables.init".
>
> Also if you want to keep NetworkManager on a Server you can install the
> NetworkManager-config-server package. This only contains a config chunk
> with two settings:
> no-auto-default=*
> ignore-carrier=*
>
> With this package installed you get a more traditional handling of the
> network. Interfaces don't get shutdown when the cable is pulled, no
> automatic configuration of unconfigured interfaces and no automatic
> reload of configuration files (the last one doesn't require the package
> and is now the NetworkManager default behaviour).
>
> Regards,
>    Dennis
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
-- 

*********************************************************
David P. Both, RHCE
Millennium Technology Consulting LLC
919-389-8678

dboth at millennium-technology.com

www.millennium-technology.com
www.databook.bz - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*********************************************************
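An added example, not code from the thread or from the iptables-services package, that bears on the question above about whether a rule reload leaves a gap. `iptables-restore` hands the kernel each table as one complete replacement at its `COMMIT` line, so the old ruleset is swapped for the new one in a single step; a script that runs `iptables -F` and then re-adds rules one command at a time does leave a short interval in which only the chain policy applies (open if the policy is ACCEPT, blocking if it is DROP). The script below builds a ruleset in `iptables-restore` format from a list of TCP ports, dry-runs it with `iptables-restore --test`, and only then loads it. The function names, the filter-only layout, the DROP policies and the port list are this example's own assumptions.

```shell
#!/bin/sh
# Added example: atomic iptables reload via iptables-restore.
# Assumptions (not from the thread): only the "filter" table is managed,
# INPUT/FORWARD default to DROP, and allowed services are plain TCP ports.

# Return 0 if $1 is a port number in 1..65535, 1 otherwise.
# The check keeps arbitrary text out of the generated ruleset.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print a complete ruleset in iptables-restore format to stdout.
# Arguments: TCP ports on which new inbound connections are accepted.
build_ruleset() {
    for p in "$@"; do
        valid_port "$p" || { echo "build_ruleset: bad port '$p'" >&2; return 1; }
    done
    printf '%s\n' '*filter'
    # Chain policies: drop unsolicited inbound and forwarded traffic.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # COMMIT is where iptables-restore replaces the whole filter table at once.
    printf '%s\n' 'COMMIT'
}

# Generate, dry-run and load the ruleset. Needs root and iptables-restore;
# when either is missing the function only reports that and returns 1.
load_ruleset() {
    tmp=$(mktemp) || return 1
    if ! build_ruleset "$@" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    if ! command -v iptables-restore >/dev/null 2>&1 || [ "$(id -u)" -ne 0 ]; then
        echo "load_ruleset: need root and iptables-restore; ruleset left in $tmp" >&2
        return 1
    fi
    # --test parses and builds the ruleset without committing it, so a typo
    # is caught before anything on the live host changes.
    iptables-restore --test "$tmp" || { rm -f "$tmp"; return 1; }
    iptables-restore "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage: run with LOAD_RULES=1 as root to apply; otherwise just print the ruleset.
if [ "${LOAD_RULES:-0}" = 1 ]; then
    load_ruleset 22 80 443
else
    build_ruleset 22 80 443
fi
```

Persisting the loaded rules is still the recipe given in the thread: with iptables-services installed, `/usr/libexec/iptables/iptables.init save` (or `iptables-save > /etc/sysconfig/iptables`) writes them to the file the `iptables` unit reloads at boot, so the next reboot also gets a single atomic load rather than a flush-and-rebuild.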