On Thu, 25 Oct 2018, Valeri Galtsev wrote:

> Thanks Warren for nice quick start covering everything one needs to configure 
> firewalld. There is one thing I am related to "direct iptables manipulation" 
> which is: suppose I made configuration of some machine, which then I am going 
> to replicate just by using kickstart when building new machines. What should 
> I add to kickstart configuration file to make my configured firewalld part 
> reproduced on all newly built machines?

We stopped using kickstart and switched to Ansible but the process is basically
the same. Simply copy the appropriate files in /etc/firewalld. For me that means the
files in the zones directory and in the services directory.

Any changes you have made to the default configurations will be stored under
/etc/firewalld. If the directories are empty, then you are running defaults.

Because we run configuration management, I mostly just edit the files with an
editor. The format is generally very simple to understand. The defaults are
stored in /usr/lib/firewalld/. You can use the files there as examples by
copying them to the correct directory in /etc/firewalld and making the necessary
modifications. Don't forget to reload firewalld after any changes.
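
The copy-and-reload procedure described in the reply above, as an added shell example that is not part of the original message. The function names and the SRC/DEST arguments are hypothetical; on a real host DEST is /etc/firewalld and SRC is wherever the files saved from the configured machine were staged.

```shell
#!/bin/sh
# Added example: replicate firewalld overrides saved from a configured host.
# Function names and SRC/DEST are assumptions made for this illustration.

# Copy zone and service overrides from SRC to DEST.
# Prints the number of files installed. 0 means SRC carries no overrides,
# i.e. the source host was running the defaults from /usr/lib/firewalld.
sync_firewalld_overrides() {
    src=$1
    dest=$2
    count=0
    for sub in zones services; do
        [ -d "$src/$sub" ] || continue
        # Only *.xml is matched, so the *.xml.old backups that firewalld
        # leaves next to edited files are not replicated.
        for f in "$src/$sub"/*.xml; do
            [ -f "$f" ] || continue          # glob matched nothing
            mkdir -p "$dest/$sub" || return 1
            cp "$f" "$dest/$sub/" || return 1
            chmod 0644 "$dest/$sub/${f##*/}" || return 1
            count=$((count + 1))
        done
    done
    echo "$count"
}

# Reload only when a firewalld daemon is actually running. Inside a kickstart
# %post chroot it is not, and the copied files are read at first boot.
reload_firewalld_if_running() {
    if command -v firewall-cmd >/dev/null 2>&1 &&
       firewall-cmd --state >/dev/null 2>&1; then
        firewall-cmd --reload
    fi
    return 0
}

# Usage: sh sync-firewalld.sh SRC DEST
if [ $# -eq 2 ]; then
    sync_firewalld_overrides "$1" "$2" && reload_firewalld_if_running
fi
```

The same two functions can be pasted into a kickstart %post section or called from a configuration-management task; only the staging location changes.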


