iptables 2 firewalld




Y'all may remember me fighting this a few weeks back. I did finally
succeed, and thought that my awk script might be helpful to others. Yes,
it's really simple; it uses the built-in FORWARD chain. The line where I
skip the definition of those chains is because it *is* built in. To use
it, I did an iptables-save on the firewall that's currently in use,
changed the physdev devices to match the ones on the new box (I *loathe*
that idiot varying name convention, it is *not* helpful), and then ran it
through this script. I piped the o/p into a file, then sh scriptname did
the actual install. Following that, I did firewall-cmd --reload, and all
was wonderful, and I could ping the system inside the firewall, and from
the subnet in our building (the new one's in the datacenter), but not from
anywhere else, so the rules worked.

Note that I did the work; I work for a US gov't federal contractor, so
this was done on tax dollars, and should be free of any encumbrance.

Hope it helps, folks.

#!/usr/bin/awk -f
# Feed this the output of iptables-save; it prints one firewall-cmd line
# per rule, ready to be piped into a file and run through sh.
BEGIN {
    priority = 1;
}
{
    if ( $0 ~ /^-A/ ) {
        # Lines appended to the built-in INPUT/FORWARD chains are skipped;
        # every other "-A <chain> ..." line becomes a direct rule on FORWARD.
        if ( $2 ~ /^INPUT|^FORWARD/ ) {
            next;
        }
        else {
            # Drop "-A <chain>" and keep the rest of the rule verbatim.
            rule = substr( $0, index($0, $3));
        }
        print "firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD " priority++ " " rule;
    }
}


          mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
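As an added example (not from the original post, and not the poster's own script), here is a sh function that does the same iptables-save to firewall-cmd conversion but goes further: it tracks the table (*filter, *nat), creates custom chains with --add-chain before any rule refers to them, and keeps a separate priority counter per chain so the order inside each chain survives. The sample iptables-save text, the chain name office-in, the interface and the addresses are all constructed for the example.

```shell
#!/bin/sh
# Constructed iptables-save excerpt (sample input, not from the post):
# a filter table with one custom chain referenced from FORWARD, plus nat.
SAMPLE_IPTABLES_SAVE='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:office-in - [0:0]
-A FORWARD -m physdev --physdev-in eth0 -j office-in
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A office-in -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT
-A office-in -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 8080 -j REDIRECT --to-ports 80
COMMIT'

# Read iptables-save text on stdin, print firewall-cmd --direct commands.
# Unlike the flattening awk script above, this keeps the table, creates
# custom chains (policy "-") with --add-chain before their rules, and
# numbers priorities per chain so rule order inside each chain survives.
ipt2fwcmd() {
    awk '
    /^\*/ { table = substr($1, 2); next }               # *filter, *nat, ...
    /^:/  { chain = substr($1, 2)
            if ($2 == "-") {                             # "-" = custom chain
                print "firewall-cmd --permanent --direct --add-chain ipv4 " table " " chain
            }
            next }
    /^-A/ { chain = $2
            rule = $0; sub(/^-A [^ ]+ /, "", rule)       # strip "-A <chain> "
            prio[chain]++
            print "firewall-cmd --permanent --direct --add-rule ipv4 " table " " chain " " prio[chain] " " rule }
    '
}

# Run the conversion on the sample; useful as a dry run before installing.
convert_sample() {
    printf '%s\n' "$SAMPLE_IPTABLES_SAVE" | ipt2fwcmd
}
```

Pipe the output into a file and read it over before running it through sh and firewall-cmd --reload; a wrong table or chain name shows up there rather than on the live firewall.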


