On 12/19/2017 3:55 PM, Emmett Culley wrote:
That was the clue I needed.

I'm fighting a firewalld mystery myself, mostly a result of not really
understanding the philosophy of the thing and trying to sleuth it out by
black boxing it. But fortunately this is open source, so I'm also
grepping the firewalld sources to figure out where these mysteries are
coming from:

https://github.com/firewalld/firewalld

firewalld creates a lot of iptables/netfilter rules, which makes it hard
to follow what's going on. I may cobble together a netfilter
visualization tool that will take iptables-save and convert it into a
graph in GraphViz dot file format to try to figure out what's going on.

I found a Python program that seems like a partial attempt to create
this, but it seems incomplete. The dot files lack connections between
the chains so I just get a bunch of floating bubbles with chain names.
The program assumes that uppercase chain names are terminal nodes, and
firewalld loves to create chains with uppercase names.

https://github.com/larsks/dot-iptables
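
A sketch of the iptables-save to GraphViz conversion described in the message above, added here as an example; it is not part of the original post and is not code from firewalld or dot-iptables. It treats a target as a chain only when the table declares it with a `:NAME` line, so letter case does not matter, and the sample ruleset and the names `parse` and `to_dot` are constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:INPUT_ZONES - [0:0]
:IN_public - [0:0]
:IN_public_allow - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j INPUT_ZONES
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT_ZONES -i eth0 -g IN_public
-A IN_public -j IN_public_allow
-A IN_public_allow -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def parse(text):
    """Return {table: (declared_chains, [(source_chain, target, kind)])}."""
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):            # '*filter' opens a table
            table = line[1:]
            tables[table] = (set(), [])
        elif line.startswith(":") and table:  # ':CHAIN POLICY [pkts:bytes]'
            tables[table][0].add(line[1:].split()[0])
        elif line.startswith("-A ") and table:
            words = shlex.split(line)       # keeps quoted --comment text as one token
            for flag, kind in (("-j", "jump"), ("-g", "goto")):
                if flag in words[:-1]:
                    target = words[words.index(flag) + 1]
                    tables[table][1].append((words[1], target, kind))
    return tables

def to_dot(tables):
    out = ["digraph netfilter {", "  rankdir=LR;"]
    for table, (chains, edges) in tables.items():
        # Anything targeted but never declared is a terminal (ACCEPT, REJECT, ...).
        terminals = {t for _, t, _ in edges} - chains
        for name in sorted(chains | terminals):
            shape = "box" if name in chains else "ellipse"
            out.append(f'  "{table}:{name}" [label="{name}", shape={shape}];')
        for src, target, kind in sorted(set(edges)):
            style = "dashed" if kind == "goto" else "solid"
            out.append(f'  "{table}:{src}" -> "{table}:{target}" [style={style}];')
    return "\n".join(out + ["}"])

if __name__ == "__main__":
    print(to_dot(parse(SAMPLE)))
```

Chains are drawn as boxes and terminal targets as ellipses; `-g` (goto) edges are dashed because a goto does not return to the calling chain.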