[CentOS] C7, firewalld and rich rules

mark m.roth at 5-cent.us
Thu Jan 31 18:12:46 UTC 2019


Gordon Messmer wrote:
> On 1/30/19 10:05 PM, Simon Matter via CentOS wrote:
>
>> Did you look at Shorewall? IMHO that's what is best used in such
>> situations, and it has worked for many years now.
>
> shorewall doesn't support nftables, which is largely the point of
> firewalld:  The Linux firewall system is currently undergoing yet
> another deprecation and migration from iptables to nftables. firewalld
> should remain stable during the migration process.  As far as I know,
> there are no plans to support nftables under shorewall, so new users will
> most likely throw away any investment they make in learning and
> implementing shorewall.
>
I seem to have missed a few posts in my thread. Let me note that
   a) I'm at work. I have to do what is required.
   b) we are moving from iptables to firewalld. No other options.

Since the firewall system is moving from iptables to firewalld, WHY IS
THERE NOT A PROGRAM INCLUDED with the firewalld package to convert
EXISTING rules?

Each firewall will have its own set of rules. We have three? four?
internal firewalls, *each* with its own rules. Since that's us, I assume
there are tens, if not hundreds of thousands just like us, many with more
firewalls.

Why would *ANYONE* think that everyone should just start from scratch,
taking all the time in the world to get it converted?

       mark, still looking for a script
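As an added illustration of the kind of script being asked for here (this is not part of the thread, nor a firewalld or CentOS tool), the following Python converts a narrow, well-defined subset of `iptables-save` INPUT rules into `firewall-cmd --add-rich-rule` commands and reports everything it cannot translate so that nothing silently falls out of the policy. It assumes the rules belong in firewalld's `public` zone, that `iptables-save` output is IPv4 only (hence `family="ipv4"`), and uses constructed sample rules rather than anyone's real firewall. It runs on the Python 2.7 shipped with CentOS 7 as well as Python 3.

```python
"""Convert a subset of iptables-save INPUT rules into firewalld rich rules.

Handled: -s/-d, -p tcp|udp|icmp, --dport, multiport --dports, ACCEPT/DROP/REJECT.
Anything else (-i, -m state, --sport, custom chains, ...) is reported unconverted.
"""
import shlex

CHAIN = "INPUT"
ZONE = "public"          # assumption: rules belong in firewalld's default zone
TARGETS = {"ACCEPT": "accept", "DROP": "drop", "REJECT": "reject"}

# Constructed sample of iptables-save output; not from the mailing-list post.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 514 -j ACCEPT
-A INPUT -s 203.0.113.7/32 -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 10.1.2.3/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
COMMIT
"""


def parse_rule(line):
    """Tokenise one '-A INPUT ...' line; return None if any option is unsupported."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A" or tokens[1] != CHAIN:
        return None
    rule = {"ports": []}
    i = 2
    while i < len(tokens):
        opt = tokens[i]
        val = tokens[i + 1] if i + 1 < len(tokens) else None
        if opt in ("-s", "--source"):
            rule["source"] = val
        elif opt in ("-d", "--destination"):
            rule["destination"] = val
        elif opt in ("-p", "--protocol"):
            rule["proto"] = val
        elif opt == "--dport":
            rule["ports"] = [val]
        elif opt == "--dports":
            rule["ports"] = val.split(",")
        elif opt in ("-j", "--jump"):
            rule["target"] = val
        elif opt == "-m" and val in ("tcp", "udp", "multiport"):
            pass  # these extensions only enable options handled above
        else:
            return None  # unsupported match/option: leave for manual review
        i += 2
    return rule if rule.get("target") in TARGETS else None


def to_rich_rules(rule):
    """Render one parsed rule as one or more firewalld rich-rule strings."""
    parts = ['rule family="ipv4"']
    if "source" in rule:
        parts.append('source address="%s"' % rule["source"])
    if "destination" in rule:
        parts.append('destination address="%s"' % rule["destination"])
    action = TARGETS[rule["target"]]
    proto = rule.get("proto")
    if rule["ports"]:
        if proto not in ("tcp", "udp"):
            raise ValueError("a port match needs -p tcp or -p udp")
        # A rich rule carries one port or one a-b range, so a multiport list
        # becomes one rule per entry; iptables writes ranges as a:b.
        return [" ".join(parts + ['port port="%s" protocol="%s"'
                                  % (p.replace(":", "-"), proto), action])
                for p in rule["ports"]]
    if proto:
        return [" ".join(parts + ['protocol value="%s"' % proto, action])]
    return [" ".join(parts + [action])]


def convert(saved_rules, zone=ZONE):
    """Return (list of firewall-cmd commands, list of unconverted rule lines)."""
    commands, unconverted = [], []
    for line in saved_rules.splitlines():
        if not line.startswith("-A %s " % CHAIN):
            continue  # table headers, chain policies, other chains
        rule = parse_rule(line)
        if rule is None:
            unconverted.append(line)
            continue
        try:
            for rich in to_rich_rules(rule):
                commands.append("firewall-cmd --permanent --zone=%s "
                                "--add-rich-rule='%s'" % (zone, rich))
        except ValueError:
            unconverted.append(line)
    return commands, unconverted


if __name__ == "__main__":
    cmds, left = convert(SAMPLE_RULES)
    print("\n".join(cmds))
    print("\n# not converted, review by hand:")
    print("\n".join("# " + l for l in left))
```

Two caveats a conversion like this cannot hide. First, firewalld already accepts loopback traffic and RELATED,ESTABLISHED connections in its base chains, so the two unconverted rules in the sample usually need no equivalent at all; other unconverted lines (interface matches, source ports, custom chains) do. Second, an iptables chain is first-match in listed order, whereas firewalld versions without rich-rule priorities, such as the one on CentOS 7, apply rich rules grouped by action (log, then deny, then allow), so a ruleset whose correctness depends on a DROP appearing after an ACCEPT must be reviewed rather than converted line by line. Run `firewall-cmd --reload` after the generated `--permanent` commands, and diff `iptables -S` before and after.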


