[CentOS] /etc/sysconfig/iptables syntax

Mon May 23 20:03:11 UTC 2016
Mike <1100100 at gmail.com>

The closest thing I could find to an iptables to firewalld conversion tool
was Offline Configuration.
The firewall-offline-cmd command was created to help set up firewall rules
when Firewalld is not running.

For instance, to open the tcp port 22, you would type in the
/etc/sysconfig/iptables file:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

Instead, you can now execute the following command:

# firewall-offline-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp \
    -m state --state NEW -m tcp --dport 22 -j ACCEPT


It's not that convenient for a rule-set of 250 lines, but with a
little creative copying/pasting between the iptables rules and the
"firewall-offline-cmd --direct --add-rule ipv4 filter"
and "firewall-offline-cmd --direct --add-rule ipv4 nat" statements, I
suppose a decent conversion can be completed.

Of course, you'd still need to apply rules to the correct zones which
I'm still trying to digest.




On Mon, May 23, 2016 at 3:24 PM, Kenneth Porter <shiva at sewingwitch.com>
wrote:

> On 5/22/2016 9:45 PM, Eero Volotinen wrote:
>
>> Firewalld is the preferred way. You should learn it.
>>
>
> Are there any good tools for converting an iptables-save file to a
> Firewalld configuration?
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
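
The copy/paste conversion Mike describes, done by a script, as an added example that is not part of the thread or of the firewalld project: it reads an iptables-save dump and emits one "firewall-offline-cmd --direct --add-rule" line per -A rule, for whichever table the rule came from. The sample ruleset is constructed for the example, and the function name iptables_to_direct is an assumption; the only firewalld options used are --direct --add-rule and --direct --add-chain.

```shell
#!/bin/sh
# Added example, not from the thread: turn an iptables-save dump into
# "firewall-offline-cmd --direct --add-rule" commands, one per -A line.
# The function name and the sample ruleset are assumptions for illustration.

# Constructed sample input in iptables-save format (not a real host's ruleset).
SAMPLE_IPTABLES='# Generated by iptables-save v1.4.21
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -j LOGDROP
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A LOGDROP -j LOG --log-prefix "DROP: "
-A LOGDROP -j DROP
COMMIT'

# iptables_to_direct [ipv4|ipv6] < iptables-save-output
# Prints one firewall-offline-cmd line per rule. The priority counts up per
# table/chain: firewalld does not fix the relative order of direct rules that
# share a priority, so a running counter keeps the original rule order.
# User-defined chains get a --direct --add-chain line before first use, and a
# non-ACCEPT policy on a built-in chain is reported on stderr, because chain
# policies cannot be set through direct rules.
iptables_to_direct() {
    family="${1:-ipv4}"
    awk -v fam="$family" '
        /^\*/     { table = substr($0, 2); next }          # *filter, *nat, ...
        /^COMMIT/ { table = ""; next }
        /^:/ {                                            # :CHAIN POLICY [pkts:bytes]
            chain = substr($1, 2)
            if ($2 == "-")
                printf "firewall-offline-cmd --direct --add-chain %s %s %s\n", fam, table, chain
            else if ($2 != "ACCEPT")
                printf "# %s %s policy %s: not expressible as a direct rule\n", table, chain, $2 > "/dev/stderr"
            next
        }
        /^-A / {                                          # -A CHAIN <match and target args>
            chain = $2
            pri = count[table "/" chain]++
            sub(/^-A[ \t]+[^ \t]+[ \t]+/, "")             # strip "-A CHAIN ", keep the rest verbatim
            printf "firewall-offline-cmd --direct --add-rule %s %s %s %d %s\n", fam, table, chain, pri, $0
            next
        }
    '
}

# Stand-alone run on the constructed sample:
printf '%s\n' "$SAMPLE_IPTABLES" | iptables_to_direct ipv4
```

Two caveats before running the generated lines on a host. Direct rules land in firewalld's INPUT_direct and FORWARD_direct chains, which firewalld consults before its zone chains, so a catch-all at the end of INPUT (the -j LOGDROP above) converted verbatim would reject or drop traffic before any zone rule is reached; leave such catch-alls out and let the zone's target do that job. And the DROP policies on INPUT and FORWARD that the script reports on stderr are likewise a zone matter rather than a direct rule, which is the part Mike notes he is still digesting.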