On Sat, Feb 27, 2021 at 11:16:04AM -0600, Anthony Joseph Messina wrote:
I see in upcoming versions, firewalld.policy is to replace the functionality of iptables and firewalld.direct.
For 90% of use cases I think they can replace direct rules.
Browsing through the documentation, I can't see how I would replace the following with policies as I can't find how to have a custom (module provided) TARGET.
The following supports the Sipwise NGCP RTPengine iptables kernel module:
https://github.com/sipwise/rtpengine
# direct.xml
<?xml version="1.0" encoding="utf-8"?>
<direct>
  <!-- RTPengine managed iptables chain and kernel module forwarding -->
  <chain ipv="ipv4" table="filter" chain="RTPENGINE_allow"/>
  <chain ipv="ipv6" table="filter" chain="RTPENGINE_allow"/>
  <passthrough ipv="ipv4">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE_allow</passthrough>
  <passthrough ipv="ipv4">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE --id 0</passthrough>
  <passthrough ipv="ipv6">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE_allow</passthrough>
  <passthrough ipv="ipv6">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE --id 0</passthrough>
</direct>
There is no way to jump to an iptables chain without using direct rules.
Policies don't allow jumping.
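As an added example (not code from the thread or from firewalld), here is a small Python parser for the direct.xml format quoted above: it emits the equivalent firewall-cmd --direct commands and flags every jump target that is neither a built-in target nor a chain declared in the file, which is exactly where a module-provided target such as RTPENGINE surfaces when auditing what cannot be migrated to a policy. The sample XML is constructed from the message above, and the BUILTIN_TARGETS set is my own assumption, not a list firewalld maintains.

```python
"""Added example: parse a firewalld direct.xml, emit the equivalent firewall-cmd
--direct commands and flag jump targets that are not chains declared in the file."""
import shlex
import xml.etree.ElementTree as ET

# Constructed sample: the direct.xml quoted in the thread, with wrapped lines rejoined.
DIRECT_XML = """<?xml version="1.0" encoding="utf-8"?>
<direct>
  <chain ipv="ipv4" table="filter" chain="RTPENGINE_allow"/>
  <chain ipv="ipv6" table="filter" chain="RTPENGINE_allow"/>
  <passthrough ipv="ipv4">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE_allow</passthrough>
  <passthrough ipv="ipv4">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE --id 0</passthrough>
  <passthrough ipv="ipv6">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE_allow</passthrough>
  <passthrough ipv="ipv6">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE --id 0</passthrough>
</direct>
"""

# Assumption: common iptables targets that need no chain declaration (not firewalld's own list).
BUILTIN_TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG", "MARK", "MASQUERADE"}

def jump_target(args):
    """Return the token following -j/--jump in an iptables argument string, or None."""
    toks = shlex.split(args)
    for i, tok in enumerate(toks[:-1]):
        if tok in ("-j", "--jump"):
            return toks[i + 1]
    return None

def convert(xml_text):
    """Return (commands, external_targets): firewall-cmd --direct lines equivalent to
    the file's <chain> and <passthrough> elements, plus every jump target that is
    neither built-in nor a chain declared for that ipv (RTPENGINE here: it comes from
    a kernel module, so no firewalld policy can express the jump)."""
    root = ET.fromstring(xml_text.encode())
    declared = {(c.get("ipv"), c.get("chain")) for c in root.findall("chain")}
    commands, external = [], set()
    for c in root.findall("chain"):
        commands.append(f"firewall-cmd --permanent --direct --add-chain "
                        f"{c.get('ipv')} {c.get('table')} {c.get('chain')}")
    for p in root.findall("passthrough"):
        args = p.text.strip()
        commands.append(f"firewall-cmd --permanent --direct --add-passthrough {p.get('ipv')} {args}")
        tgt = jump_target(args)
        if tgt and tgt not in BUILTIN_TARGETS and (p.get("ipv"), tgt) not in declared:
            external.add(tgt)
    return commands, external

if __name__ == "__main__":
    cmds, ext = convert(DIRECT_XML)
    print("\n".join(cmds))
    print("module-provided targets (no policy equivalent):", sorted(ext))
```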