On Monday, March 1, 2021 8:19:30 AM CST Eric Garver wrote:
> On Sat, Feb 27, 2021 at 11:16:04AM -0600, Anthony Joseph Messina wrote:
> > I see in upcoming versions, firewalld.policy is to replace the
> > functionality of iptables and firewalld.direct.
>
> For 90% of use cases I think they can replace direct rules.

Ok thank you. So direct rule functionality will continue to be available,
with recommendations to use policies where appropriate?

> > Browsing through the documentation, I can't see how I would replace the
> > following with policies as I can't find how to have a custom (module
> > provided) TARGET.
> >
> > The following supports the Sipwise NGCP RTPengine iptables kernel module:
> >
> > https://github.com/sipwise/rtpengine
> >
> > # direct.xml
> > <?xml version="1.0" encoding="utf-8"?>
> > <direct>
> >
> >   <!-- RTPengine managed iptables chain and kernel module forwarding -->
> >   <chain ipv="ipv4" table="filter" chain="RTPENGINE_allow"/>
> >   <chain ipv="ipv6" table="filter" chain="RTPENGINE_allow"/>
> >   <passthrough ipv="ipv4">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE_allow</passthrough>
> >   <passthrough ipv="ipv4">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE --id 0</passthrough>
> >   <passthrough ipv="ipv6">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE_allow</passthrough>
> >   <passthrough ipv="ipv6">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE --id 0</passthrough>
> > </direct>
>
> There is no way to jump to an iptables chain without using direct rules.
> Policies don't allow jumping.

Thank you for this clarification.
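As an added illustration (not code from this thread, firewalld or rtpengine), the following Python check parses a direct.xml like the one quoted above and reports, for each passthrough rule, whether its jump target is a chain declared in the same file, a standard iptables target, or a target only an extension module such as RTPENGINE provides; the first two kinds are what keep such a file on direct rules. The embedded sample is the thread's config, and BUILTIN_TARGETS is an assumed, non-exhaustive set.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample: the direct.xml posted in the thread (stray '>' typo removed).
DIRECT_XML = """<?xml version="1.0" encoding="utf-8"?>
<direct>
  <chain ipv="ipv4" table="filter" chain="RTPENGINE_allow"/>
  <chain ipv="ipv6" table="filter" chain="RTPENGINE_allow"/>
  <passthrough ipv="ipv4">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE_allow</passthrough>
  <passthrough ipv="ipv4">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE --id 0</passthrough>
  <passthrough ipv="ipv6">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE_allow</passthrough>
  <passthrough ipv="ipv6">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE --id 0</passthrough>
</direct>
"""

# Assumed, non-exhaustive set of targets iptables provides without a user chain
# or an out-of-tree extension module.
BUILTIN_TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG", "MARK",
                   "MASQUERADE", "SNAT", "DNAT", "REDIRECT", "CT", "NOTRACK"}

def classify_passthroughs(xml_text):
    """Return [(ipv, target, kind)] for each <passthrough> in a direct.xml.

    kind: 'custom-chain' if the target is a <chain> declared for the same IP
    family, 'builtin' for a standard target, 'extension-target' otherwise
    (e.g. RTPENGINE, which only the rtpengine kernel module provides), or
    'no-target' if the rule has no -j/-g option.
    """
    root = ET.fromstring(xml_text.encode("utf-8"))
    declared = {(c.get("ipv"), c.get("chain")) for c in root.findall("chain")}
    results = []
    for pt in root.findall("passthrough"):
        ipv, args, target = pt.get("ipv"), shlex.split(pt.text or ""), None
        for i, tok in enumerate(args):
            if tok in ("-j", "--jump", "-g", "--goto") and i + 1 < len(args):
                target = args[i + 1]
        if target is None:
            kind = "no-target"
        elif (ipv, target) in declared:
            kind = "custom-chain"
        elif target in BUILTIN_TARGETS:
            kind = "builtin"
        else:
            kind = "extension-target"
        results.append((ipv, target, kind))
    return results

def direct_only_targets(xml_text):
    """Targets that keep this file on direct rules: chain jumps and extension targets."""
    return {t for _, t, kind in classify_passthroughs(xml_text)
            if kind in ("custom-chain", "extension-target")}
```

Running direct_only_targets(DIRECT_XML) on the sample yields both RTPENGINE_allow (a chain jump) and RTPENGINE (a module target), which matches the thread's conclusion that this file cannot be expressed as a policy.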