[Cialug] iptables rule -> firewalld

David Champion dchamp1337 at gmail.com
Wed Sep 11 15:04:40 UTC 2019


Here's the Redhat documentation on firewalld; it's well written and very
clear, despite possibly having had millennials involved with the project
(Sorry, LV).

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-using_firewalls

If you're the GUI type, there's a very easy-to-use "firewall-config" tool
you can run, but the CLI method of configuring it isn't that hard to learn.
I've set up a few rules for services running on custom ports; it was pretty
simple.

I suspect that firewalld is going to be similar to using other higher-level
firewall config tools like shorewall: once you're using them you need to
abandon all hope of manipulating iptables directly.

-dc


On Mon, Sep 9, 2019 at 5:49 PM Jeffrey Ollie <jeff at ocjtech.us> wrote:

> Ooof. Firewalld is nice for doing basic things, but it fails miserably when
> it comes to more advanced operations or interoperating with other
> applications that want to manipulate the iptables rules (like Docker does).
> Firewalld can still do it, but you'll need to read up on direct rules.
> You'll need to run something like this:
>
> firewall-cmd --direct --add-rule ipv4 nat PREROUTING 1 -p tcp --dport 25 -j DNAT --to <MX IP>:25
>
> That'll change the running iptables; add "--permanent" to make that persist
> across reboots. You'll need to read up, though; I'm just doing this from
> memory and haven't tested.
>
> On Mon, Sep 9, 2019 at 4:45 PM David Champion <dchamp1337 at gmail.com>
> wrote:
>
> > Redhat documentation has a really nice page on firewalld.
> >
> > -dc
> >
> >
> > On Mon, Sep 9, 2019 at 4:32 PM L. V. Lammert <lvl at omnitec.net> wrote:
> >
> > > Need to persist an iptables rule; instead of hacking it in rc.local,
> > > would prefer to do it the 'firewalld' way. Any recommendations on
> > > translating?
> > >
> > > In this example, need to redirect all outbound port 25 traffic on a
> > > Docker host:
> > >
> > > iptables -t nat -I PREROUTING -p tcp --dport 25 -j DNAT --to <MX IP>:25
> > >
> > > All zones.
> > >
> > >         Thanks!
> > > _______________________________________________
> > > Cialug mailing list
> > > Cialug at cialug.org
> > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > >
> >
>
>
> --
> Jeff Ollie
> The majestik møøse is one of the mäni interesting furry animals in Sweden.
>
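As an added example (not from anyone in the thread), the translation Jeff describes, written as a small POSIX sh helper that turns LV's iptables invocation into the runtime, permanent and query forms of the firewalld direct rule. The priority values, the IPv4-only scope and the 192.0.2.10 MX address are my assumptions, not something the thread states.

```shell
#!/bin/sh
# Constructed example: translate "iptables [-t table] -I|-A chain <match> -j <target>"
# into the firewalld direct-rule commands it corresponds to. Assumptions (mine, not
# from the thread): IPv4 only, "-I" becomes priority 0 so the rule sorts ahead of
# others, "-A" becomes priority 100, and 192.0.2.10 is a placeholder MX address.
# Direct rules are not bound to a zone, which is what "all zones" asks for.

# Usage: iptables_to_firewalld <iptables arguments...>
# Prints, in order: the runtime command, the --permanent command, and a
# --query-rule command to verify the runtime rule is in place. Returns 1 for
# anything that is not a plain -I/-A rule with a target, so nothing is guessed.
iptables_to_firewalld() {
    table=filter chain='' prio=''
    while [ $# -gt 0 ]; do
        [ $# -ge 2 ] || return 1          # every verb handled here takes an argument
        case "$1" in
            -t|--table)  table=$2; shift 2 ;;
            -I|--insert) chain=$2; prio=0; shift 2
                         # "-I chain N" carries a rule number; drop it, the
                         # priority already places the rule ahead of appended ones
                         case "${1:-x}" in *[!0-9]*) ;; *) shift ;; esac ;;
            -A|--append) chain=$2; prio=100; shift 2 ;;
            -*)          return 1 ;;      # flush, delete, list, ... : not translated
        esac
        [ -n "$chain" ] && break          # the remainder is the match/target spec
    done
    [ -n "$chain" ] && [ $# -gt 0 ] || return 1
    case "$*" in *' -j '*|'-j '*|*' --jump '*|'--jump '*) ;; *) return 1 ;; esac
    spec="ipv4 $table $chain $prio $*"
    printf '%s\n' \
        "firewall-cmd --direct --add-rule $spec" \
        "firewall-cmd --permanent --direct --add-rule $spec" \
        "firewall-cmd --direct --query-rule $spec"
}

# The rule from the thread, with the placeholder MX address:
iptables_to_firewalld -t nat -I PREROUTING -p tcp --dport 25 -j DNAT --to 192.0.2.10:25
```

Run the printed --query-rule line after `firewall-cmd --reload` to confirm the permanent copy came back, since a runtime-only direct rule is exactly what disappears on reboot.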

