On 23 May 2016 21:03, "Mike" <1100100 at gmail.com> wrote: > > The closest thing I could find to an iptables to firewalld conversion tool > was Offline Configuation. > The firewall-offline-cmd command was created to help setup firewall rules > when Firewalld is not running. > > For instance, to open the tcp port 22, you would type in the > /etc/sysconfig/iptables file: > > -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT > > Instead, you can now execute the following command: > > # firewall-offline-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp > -m state --state NEW -m tcp --dport 22 -j ACCEPT > > / / / / / / / / / / / / / / / / / / / / / / / / / // / > > It's not that convenient for a rule-set of 250 lines, but with a > little creative copying/pasting between the iptables rules and the > "firewall-offline-cmd --direct -add-rule ipv4 filter" > and "firewall-offline-cmd --direct -add-rule ipv4 nat " statements, I > suppose a decent conversion can be completed. > > Of course, you'd still need to apply rules to the correct zones which > I'm still trying to digest. > > Using DIRECT bypasses all the zone and service stuff. Frankly if your going to DIRECT everything then you really are better off masking (and removing) firewalld and installing iptables-service and just using the old traditional way.