[CentOS] firewalld

Wed Dec 20 01:57:31 UTC 2017
Kenneth Porter <shiva at sewingwitch.com>

On 12/19/2017 3:55 PM, Emmett Culley wrote:
> That was the clue I needed.

I'm fighting a firewalld mystery myself, mostly a result of not really 
understanding the philosophy of the thing and trying to sleuth it out by 
black boxing it. But fortunately this is open source, so I'm also 
grepping the firewalld sources to figure out where these mysteries are 
coming from:


firewalld creates a lot of iptables/netfilter rules, which makes it hard 
to follow what's going on. I may cobble together a netfilter 
visualization tool that will take iptables-save and convert it into a 
graph in GraphViz dot file format to try to figure out what's going on. 
I found a Python program that seems like a partial attempt to create 
this, but it seems incomplete. The dot files lack connections between 
the chains so I just get a bunch of floating bubbles with chain names. 
The program assumes that uppercase chain names are terminal nodes, and 
firewalld loves to create chains with uppercase names.
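As an added example (not code from Kenneth's post or from firewalld itself), a small Python sketch of the visualizer he describes: it parses iptables-save text, decides which targets are chains from the `:NAME` declarations rather than from uppercase names, and emits GraphViz dot with the jump edges between chains. The sample rules and chain names are constructed, modelled on firewalld's zone chains.

```python
"""Turn iptables-save output into a GraphViz dot graph of chain jumps.
Chains come from their ':NAME' declarations, not from case, so firewalld's
uppercase chains (IN_public, ...) link up. SAMPLE below is constructed."""
import re
from collections import defaultdict

SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:INPUT_ZONES - [0:0]
:IN_public - [0:0]
:IN_public_allow - [0:0]
-A INPUT -j INPUT_ZONES
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT_ZONES -i eth0 -g IN_public
-A IN_public -j IN_public_allow
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
"""

def chain_graph(text):
    """Map -j/-g targets per table: ({table: chains}, [(table, src, target)])."""
    chains, edges, table = defaultdict(set), [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):              # *filter, *nat, ...
            table = line[1:]
        elif line.startswith(":") and table:  # :NAME policy [pkts:bytes]
            chains[table].add(line[1:].split()[0])
        elif line.startswith("-A ") and table:
            if m := re.search(r"\s-(?:j|g)\s+(\S+)", line):  # -j jump / -g goto
                edges.append((table, line.split()[1], m.group(1)))
    return chains, edges

def to_dot(chains, edges):
    """Render declared chains as boxes; any other target is a verdict leaf."""
    out, leaves = ["digraph netfilter {", "  rankdir=LR;"], set()
    for table, names in chains.items():
        out.extend(f'  "{table}:{n}" [shape=box];' for n in sorted(names))
    for table, src, tgt in edges:
        if tgt in chains[table]:              # jump into a user-defined chain
            out.append(f'  "{table}:{src}" -> "{table}:{tgt}";')
        else:                                 # ACCEPT, REJECT, extension target
            leaves.add(tgt)
            out.append(f'  "{table}:{src}" -> "{tgt}";')
    out.extend(f'  "{leaf}" [shape=ellipse];' for leaf in sorted(leaves))
    return "\n".join(out + ["}"])

if __name__ == "__main__":
    print(to_dot(*chain_graph(SAMPLE)))
```

Piping the printed output through GraphViz's `dot -Tpng` yields the chain graph; nodes per table are prefixed with the table name so identically named chains in `filter` and `nat` stay separate.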