On Thu, 25 Oct 2018, Valeri Galtsev wrote:

> Thanks Warren for nice quick start covering everything one needs to configure
> firewalld. There is one thing I am related to "direct iptables manipulation"
> which is: suppose I made configuration of some machine, which then I am going
> to replicate just by using kickstart when building new machines. What should
> I add to kickstart configuration file to make my configured firewalld part
> reproduced on all newly built machines?

We stopped using kickstart and switched to ansible but the process is
basically the same. Simply copy the appropriate files in /etc/firewalld.
For me that means the files in the zones directory and in the services directory.

Any changes you have made to the default configurations will be stored under
/etc/firewalld. If the directories are empty, then you are running defaults.

Because we run configuration management, I mostly just edit the files with an
editor. The format is generally very simple to understand.

The defaults are stored in /usr/lib/firewalld/. You can use the files there as
examples by copying them to the correct directory in /etc/firewalld and making
the necessary modifications.

Don't forget to reload firewalld after any changes.

Regards,

-- 
Tom
me at tdiehl.org
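
The copy-and-reload procedure described in the reply above, as an added example that is not part of the original message. The function names and the source directory are hypothetical; the script assumes the zones/ and services/ files from the configured machine have already been placed somewhere the new machine can read, for example by a kickstart %post section or a configuration-management run.

```shell
#!/bin/sh
# Added example, not from the original thread. SRC is a hypothetical directory
# holding the zones/ and services/ files copied from the configured machine.

# Write a constructed sample zone file so the script can be tried on a scratch tree.
make_sample_tree() {
    mkdir -p "$1/zones" "$1/services"
    cat > "$1/zones/public.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="https"/>
</zone>
EOF
}

# Copy zones/*.xml and services/*.xml from SRC into DEST (default /etc/firewalld),
# skipping identical files. Prints how many files were installed or updated.
sync_firewalld() {
    src=$1; dest=${2:-/etc/firewalld}; changed=0
    for sub in zones services; do
        [ -d "$src/$sub" ] || continue
        mkdir -p "$dest/$sub"
        for f in "$src/$sub"/*.xml; do
            [ -f "$f" ] || continue          # glob matched nothing
            target="$dest/$sub/$(basename "$f")"
            if ! cmp -s "$f" "$target" 2>/dev/null; then
                cp "$f" "$target" && chmod 0644 "$target" || return 1
                changed=$((changed + 1))
            fi
        done
    done
    echo "$changed"
}

# Sync, then reload only if something changed and the daemon is running.
# In a kickstart %post chroot firewalld is not running; it reads the files
# when it starts on first boot, so no reload is needed there.
apply_firewalld() {
    n=$(sync_firewalld "$1" "${2:-/etc/firewalld}") || return 1
    if [ "$n" -gt 0 ] && command -v firewall-cmd >/dev/null 2>&1 &&
        firewall-cmd --state >/dev/null 2>&1; then
        firewall-cmd --reload >/dev/null
    fi
    echo "$n"
}
```

A second run against an unchanged tree reports 0, so a non-zero count on an already built machine means the files under /etc/firewalld had drifted from the saved copy.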