[CentOS] /etc/sysconfig/iptables syntax
James Hogarth
james.hogarth at gmail.com
Mon May 23 20:10:34 UTC 2016
On 23 May 2016 21:03, "Mike" <1100100 at gmail.com> wrote:
>
> The closest thing I could find to an iptables to firewalld conversion tool
> was Offline Configuation.
> The firewall-offline-cmd command was created to help setup firewall rules
> when Firewalld is not running.
>
> For instance, to open the tcp port 22, you would type in the
> /etc/sysconfig/iptables file:
>
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
>
> Instead, you can now execute the following command:
>
> # firewall-offline-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp
> -m state --state NEW -m tcp --dport 22 -j ACCEPT
>
> / / / / / / / / / / / / / / / / / / / / / / / / / // /
>
> It's not that convenient for a rule-set of 250 lines, but with a
> little creative copying/pasting between the iptables rules and the
> "firewall-offline-cmd --direct -add-rule ipv4 filter"
> and "firewall-offline-cmd --direct -add-rule ipv4 nat " statements, I
> suppose a decent conversion can be completed.
>
> Of course, you'd still need to apply rules to the correct zones which
> I'm still trying to digest.
>
>
Using DIRECT bypasses all the zone and service stuff.
Frankly if your going to DIRECT everything then you really are better off
masking (and removing) firewalld and installing iptables-service and just
using the old traditional way.
More information about the CentOS
mailing list