Hi

On Fri, 19 Jul 2019 18:20:35 -0400 Tim Evans wrote:

> I really, really need to figure out how to port my iptables ruleset to
> work with firewalld.

You may try first to port your iptables rules by using the "Direct Options"
that firewall-cmd provides. I plan to use it for a while ...

Example (you may need to add the --permanent option) that seems to work:

## I forgot the priority here:
firewall-cmd --direct --add-rule ipv4 filter OUTPUT -p tcp -m state --state NEW -m tcp -d 127.0.0.1/32 -m owner --uid-owner 0 -j ACCEPT
usage: --direct --add-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>

## Correct all:
firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m state --state NEW -m tcp -d 127.0.0.1/32 -m owner --uid-owner 0 -j ACCEPT
success

## Check
firewall-cmd --direct --get-all-rules
ipv4 filter OUTPUT 0 -p tcp -m state --state NEW -m tcp -d 127.0.0.1/32 -m owner --uid-owner 0 -j ACCEPT

## The rule is added to OUTPUT_direct
iptables -v -L OUTPUT_direct
Chain OUTPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    any     anywhere             localhost            state NEW tcp owner UID match root

--
francis