[CentOS] /etc/sysconfig/iptables syntax
james.hogarth at gmail.com
Mon May 23 20:10:34 UTC 2016
On 23 May 2016 21:03, "Mike" <1100100 at gmail.com> wrote:
> The closest thing I could find to an iptables to firewalld conversion tool
> was Offline Configuration.
> The firewall-offline-cmd command was created to help set up firewall rules
> when Firewalld is not running.
> For instance, to open the tcp port 22, you would type in the
> /etc/sysconfig/iptables file:
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
> Instead, you can now execute the following command:
> # firewall-offline-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp
> -m state --state NEW -m tcp --dport 22 -j ACCEPT
> / / / / / / / / / / / / / / / / / / / / / / / / / // /
> It's not that convenient for a rule-set of 250 lines, but with a
> little creative copying/pasting between the iptables rules and the
> "firewall-offline-cmd --direct --add-rule ipv4 filter"
> and "firewall-offline-cmd --direct --add-rule ipv4 nat " statements, I
> suppose a decent conversion can be completed.
> Of course, you'd still need to apply rules to the correct zones which
> I'm still trying to digest.
Using DIRECT bypasses all the zone and service stuff.
Frankly if you're going to DIRECT everything then you really are better off
masking (and removing) firewalld and installing iptables-services and just
using the old traditional way.
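The copy-and-paste conversion Mike describes can be scripted. The following is an added example, not code from either poster, that turns iptables-save style lines (the format of /etc/sysconfig/iptables) into the matching `firewall-offline-cmd --direct --add-rule` commands for a constructed sample rule set. It assumes IPv4 rules only, and that the direct-rule priority simply follows the original order within each chain; it only prints the commands and does not run them, and, as noted above, direct rules still bypass firewalld's zones.

```shell
#!/bin/sh
# Sample /etc/sysconfig/iptables content, constructed for this example.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# iptables_to_direct: read iptables-save text on stdin and print one
# firewall-offline-cmd invocation per "-A" rule.  The priority counter is
# kept per table:chain so the original rule order inside a chain is kept
# (firewalld sorts direct rules by priority, then insertion order).
# Chain policy lines (":INPUT ACCEPT ...") and COMMIT are skipped: direct
# rules cannot set a chain's default policy, so that must be handled
# separately (for example by a final catch-all rule).
iptables_to_direct() {
    awk '
        /^\*/     { table = substr($0, 2); next }   # "*filter" -> filter
        /^COMMIT/ { table = ""; next }
        /^-A / {
            chain = $2
            key   = table ":" chain
            prio  = count[key]++
            rule  = ""
            for (i = 3; i <= NF; i++)
                rule = rule (i > 3 ? " " : "") $i
            printf "firewall-offline-cmd --direct --add-rule ipv4 %s %s %d %s\n",
                   table, chain, prio, rule
        }
    '
}

# Stand-alone usage: print the converted commands for review before running.
printf '%s\n' "$SAMPLE_RULES" | iptables_to_direct
```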