[CentOS] C7, firewalld and rich rules

Thu Jan 31 06:05:07 UTC 2019
Simon Matter <simon.matter at invoca.ch>

> Hi, again, folks,
>    I'm trying to convert a number of iptables rules to firewalld rich
> rules. I need to do this, because this is, in fact, a firewall, to
> protect access to servers with sensitive data. It will limit access to
> the servers behind it to a specific network, and nobody else, and allow
> only certain services through.
>    What I've been trying to find is a script/program that converts the
> output of iptables-save to something I can feed to firewall-cmd.
> Anyone have a link to such?
>    I admit this is annoying. Why is it, when some New Kewl thing is
> introduced, it *always* expects you to start anew, rather than giving
> you a tool to convert what you had. I ran into this 15 years ago,
> trying to put an existing website into bricolage (early CMS), and here
> I am, trying to do this.
>    Anyway, any links would be appreciated.

Did you look at Shorewall? IMHO that's what is best used in such
situations, and it has worked for many years now.
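
There is no stock converter from iptables-save to firewall-cmd, but for the narrow policy the original poster describes (one trusted network, a handful of services, everything else dropped) the mapping is mechanical enough to script. The following is an added example for this thread, not code from either participant or from the firewalld project. The iptables-save dump is constructed, the zone name `internal` is an assumption, and only the INPUT chain is converted; FORWARD/OUTPUT rules and unsupported options are listed as unconverted rather than silently lost. Two things to keep in mind when reading its output: firewalld's own base rules already accept traffic on `lo` and RELATED,ESTABLISHED connections, so those two iptables lines are correctly left out, and the firewalld builds CentOS 7 carries predate the rich rule `priority` attribute (added in 0.7), so rich rules are evaluated by action (log, then deny, then allow) rather than in the order you add them. A deny rule that relied on coming *after* an allow in iptables therefore changes meaning, which the script flags.

```python
"""iptables-save -> firewall-cmd rich-rule converter for the INPUT chain (added
example for this thread, not code from the poster or firewalld).  Covers -s, -p,
--dport, -j ACCEPT/DROP/REJECT [--reject-with]; anything else is reported as unconverted."""
import shlex
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample of iptables-save output (not from the original post).
SAMPLE_IPTABLES_SAVE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.20.0.0/16 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.20.0.0/16 -p tcp -m tcp --dport 5432 -j ACCEPT
-A INPUT -s 10.20.5.7/32 -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -s 192.168.99.0/24 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""
ACTIONS = {"ACCEPT": "accept", "DROP": "drop", "REJECT": "reject"}
TARGETS = {"ACCEPT": "ACCEPT", "DROP": "DROP", "REJECT": "%%REJECT%%"}  # zone target spelling
FIELDS = {"-s": "source", "-p": "proto", "--dport": "dport", "--reject-with": "reject_type"}


@dataclass
class Rule:
    source: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[str] = None
    action: Optional[str] = None
    reject_type: Optional[str] = None

    def rich(self) -> str:
        """Render as a firewalld rich rule; the family is inferred from the source."""
        family = "ipv6" if self.source and ":" in self.source else "ipv4"
        parts = ["rule", f'family="{family}"']
        if self.source:
            parts.append(f'source address="{self.source}"')
        if self.dport:                       # iptables only allows --dport together with -p
            parts.append(f'port port="{self.dport}" protocol="{self.proto}"')
        elif self.proto:
            parts.append(f'protocol value="{self.proto}"')
        parts.append(self.action + (f' type="{self.reject_type}"' if self.reject_type else ""))
        return " ".join(parts)


def parse_rule(line: str) -> Tuple[Optional[Rule], Optional[str]]:
    """Parse one '-A INPUT ...' line into (Rule, None) or (None, reason)."""
    toks, rule = shlex.split(line), Rule()
    for i in range(0, len(toks), 2):
        opt, arg = toks[i], (toks[i + 1] if i + 1 < len(toks) else None)
        if (opt, arg) == ("-A", "INPUT") or (opt == "-m" and arg in ("tcp", "udp")):
            continue                         # chain selector / match module implied by -p
        if opt in FIELDS:
            setattr(rule, FIELDS[opt], arg)
        elif opt == "-j" and arg in ACTIONS:
            rule.action = ACTIONS[arg]
        else:                                # -i, -m state, -j LOG, custom chains, ...
            return None, f"unsupported option {opt} {arg or ''}".rstrip()
    return (rule, None) if rule.action else (None, "no ACCEPT/DROP/REJECT target")


def order_warnings(rules: List[Rule]) -> List[str]:
    """Flag deny rules that followed an overlapping allow in iptables order: firewalld < 0.7
    (CentOS 7) evaluates rich rules log -> deny -> allow, so the deny would win.  The overlap
    test is same-or-unspecified per field, a review aid rather than full set containment."""
    warns = []
    for j, deny in enumerate(rules):
        for acc in rules[:j]:
            if deny.action == "accept" or acc.action != "accept":
                continue
            if all(d is None or d == a for d, a in zip((deny.source, deny.proto, deny.dport),
                                                       (acc.source, acc.proto, acc.dport))):
                warns.append(f"'{deny.rich()}' now runs before '{acc.rich()}'")
    return warns


def convert(dump: str, zone: str = "internal") -> Tuple[List[str], List[str], List[str]]:
    """Return (firewall-cmd commands, unconverted lines, ordering warnings)."""
    cmds, skipped, rules = [], [], []
    for line in dump.splitlines():
        if line.startswith(":INPUT "):       # chain policy becomes the zone target
            cmds.append(f"firewall-cmd --permanent --zone={zone} --set-target={TARGETS[line.split()[1]]}")
        elif line.startswith("-A INPUT "):
            rule, why = parse_rule(line)
            if rule is None:
                skipped.append(f"{line}  # {why}")
            else:
                rules.append(rule)
                cmds.append(f"firewall-cmd --permanent --zone={zone} --add-rich-rule={shlex.quote(rule.rich())}")
        elif line.startswith("-A "):         # FORWARD/OUTPUT rules: report them, don't lose them
            skipped.append(f"{line}  # only the INPUT chain is converted")
    cmds.append("firewall-cmd --reload")
    return cmds, skipped, order_warnings(rules)


if __name__ == "__main__":
    for label, group in zip(("", "# unconverted: ", "# WARNING, rule order: "), convert(SAMPLE_IPTABLES_SAVE)):
        print(*(label + item for item in group), sep="\n")
```

Run it against a real `iptables-save` dump (`python3 convert.py < /dev/null` only shows the constructed sample; feed your own text to `convert()`), then read the unconverted lines and warnings before pasting the commands into a box that guards sensitive data. The `--set-target=DROP` on the zone is what reproduces the `:INPUT DROP` policy, so the trailing catch-all REJECT in the sample is the kind of rule that needs a human decision rather than a one-to-one translation.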