RTPengine and firewalld.policy to replace firewalld.direct
by Anthony Joseph Messina
I see in upcoming versions, firewalld.policy is to replace the functionality of
iptables and firewalld.direct.
Browsing through the documentation, I can't see how I would replace the following
with policies as I can't find how to have a custom (module provided) TARGET.
The following supports the Sipwise NGCP RTPengine iptables kernel module:
https://github.com/sipwise/rtpengine
# direct.xml
<?xml version="1.0" encoding="utf-8"?>
<direct>
  <!-- RTPengine managed iptables chain and kernel module forwarding -->
  <chain ipv="ipv4" table="filter" chain="RTPENGINE_allow"/>
  <chain ipv="ipv6" table="filter" chain="RTPENGINE_allow"/>
  <passthrough ipv="ipv4">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE_allow</passthrough>
  <passthrough ipv="ipv4">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE --id 0</passthrough>
  <passthrough ipv="ipv6">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE_allow</passthrough>
  <passthrough ipv="ipv6">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE --id 0</passthrough>
</direct>
--
Anthony - https://messinet.com
F9B6 560E 68EA 037D 8C3D D1C9 FF31 3BDB D9D8 99B6
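
An added example, not part of the original post and not firewalld or RTPengine project code: a migration inventory that parses a direct.xml like the one above and classifies each passthrough rule's jump target, so the rules that depend on a module-provided target (here RTPENGINE) stand out from jumps into chains the file declares itself. The function name and the ORDINARY_TARGETS set are assumptions made for this sketch.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample input: the direct.xml quoted in the post above.
DIRECT_XML = b"""<?xml version="1.0" encoding="utf-8"?>
<direct>
<chain ipv="ipv4" table="filter" chain="RTPENGINE_allow"/>
<chain ipv="ipv6" table="filter" chain="RTPENGINE_allow"/>
<passthrough ipv="ipv4">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE_allow</passthrough>
<passthrough ipv="ipv4">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE --id 0</passthrough>
<passthrough ipv="ipv6">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE_allow</passthrough>
<passthrough ipv="ipv6">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE --id 0</passthrough>
</direct>"""

# Assumption: targets treated in this sketch as ordinary verdicts/actions.
ORDINARY_TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG"}


def inventory_direct_targets(xml_bytes):
    """Return (ipv, target, target_options, kind) for every passthrough rule."""
    root = ET.fromstring(xml_bytes)
    # Chains the direct configuration creates itself, keyed per IP family.
    declared = {(c.get("ipv"), c.get("chain")) for c in root.iter("chain")}
    rows = []
    for rule in root.iter("passthrough"):
        ipv = rule.get("ipv")
        args = shlex.split(rule.text or "")
        target, options = None, ""
        for i, arg in enumerate(args):
            if arg in ("-j", "--jump") and i + 1 < len(args):
                # Arguments following the target name belong to the target.
                target, options = args[i + 1], " ".join(args[i + 2:])
                break
        if target is None:
            kind = "no-target"
        elif (ipv, target) in declared:
            kind = "declared-chain"
        elif target in ORDINARY_TARGETS:
            kind = "ordinary"
        else:
            kind = "extension-target"  # needs an xtables target module
        rows.append((ipv, target, options, kind))
    return rows


if __name__ == "__main__":
    for row in inventory_direct_targets(DIRECT_XML):
        print("%-5s %-16s %-8s %s" % row)
```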