[CentOS] Stupid C7 firewall question
me at tdiehl.org
Fri Oct 26 11:47:57 UTC 2018
On Thu, 25 Oct 2018, Valeri Galtsev wrote:
> Thanks Warren for nice quick start covering everything one needs to configure
> firewalld. There is one thing I am related to "direct iptables manipulation"
> which is: suppose I made configuration of some machine, which then I am going
> to replicate just by using kickstart when building new machines. What should
> I add to kickstart configuration file to make my configured firewalld part
> reproduced on all newly built machines?
We stopped using kickstart and switched to Ansible, but the process is basically
the same. Simply copy the appropriate files in /etc/firewalld. For me that means the
files in the zones directory and in the services directory.

Any changes you have made to the default configurations will be stored under
/etc/firewalld. If the directories are empty, then you are running defaults.

Because we run configuration management, I mostly just edit the files with an
editor. The format is generally very simple to understand. The defaults are
stored in /usr/lib/firewalld/. You can use the files there as examples by
copying them to the correct directory in /etc/firewalld and making the necessary
modifications. Don't forget to reload firewalld after any changes.
Regards,
--
Tom me at tdiehl.org
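
The copy-and-reload procedure from the message above, as an added shell example that is not part of the original post. The two directory paths are the ones named in the message; the function names and the archive path are assumptions made for illustration, and only the zones and services directories are handled.

```shell
#!/bin/sh
# Added example. ETC_DIR and LIB_DIR default to the paths named in the post;
# the function names are hypothetical.
ETC_DIR="${ETC_DIR:-/etc/firewalld}"
LIB_DIR="${LIB_DIR:-/usr/lib/firewalld}"

# List customised zone/service files. "override" means the file shadows a
# shipped default of the same name; "local" means it exists only in ETC_DIR.
list_custom() {
    for sub in zones services; do
        [ -d "$ETC_DIR/$sub" ] || continue
        for f in "$ETC_DIR/$sub"/*.xml; do
            [ -f "$f" ] || continue   # empty directory: running defaults
            name=$(basename "$f")
            if [ -f "$LIB_DIR/$sub/$name" ]; then
                echo "override $sub/$name"
            else
                echo "local $sub/$name"
            fi
        done
    done
}

# On the reference machine: pack the customised files into archive $1.
# Assumes file names without whitespace.
export_custom() {
    files=$(list_custom | cut -d' ' -f2)
    [ -n "$files" ] || { echo "no customisations under $ETC_DIR" >&2; return 1; }
    # Word splitting of $files is intended here.
    tar -C "$ETC_DIR" -czf "$1" $files
}

# On a new machine (kickstart %post or a configuration-management task):
# unpack archive $1 without taking file ownership from the archive.
import_custom() {
    mkdir -p "$ETC_DIR" || return 1
    tar -C "$ETC_DIR" --no-same-owner -xzf "$1" || return 1
}

# Reload only when the daemon is running. Inside kickstart %post it is not,
# and the copied files are read when firewalld first starts.
reload_if_running() {
    if command -v firewall-cmd >/dev/null 2>&1 &&
       firewall-cmd --state >/dev/null 2>&1; then
        firewall-cmd --reload
    fi
}
```

Run `list_custom` before exporting to review exactly which zone and service definitions will be replicated to every new machine.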