Hi
On Fri, 19 Jul 2019 18:20:35 -0400 Tim Evans wrote:
> I really, really need to figure out how to port my iptables ruleset to work with firewalld.
You may try first to port your iptables rules by using the "Direct Options" that firewall-cmd provides.
I plan to use it for a while ...
Example (you may need to add the --permanent option) that seems to work:

## I forgot the priority here:
firewall-cmd --direct --add-rule ipv4 filter OUTPUT -p tcp -m state --state NEW -m tcp -d 127.0.0.1/32 -m owner --uid-owner 0 -j ACCEPT
usage: --direct --add-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>

## Correct all:
firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m state --state NEW -m tcp -d 127.0.0.1/32 -m owner --uid-owner 0 -j ACCEPT
success

## Check
firewall-cmd --direct --get-all-rules
ipv4 filter OUTPUT 0 -p tcp -m state --state NEW -m tcp -d 127.0.0.1/32 -m owner --uid-owner 0 -j ACCEPT

## The rule is added to OUTPUT_direct
iptables -v -L OUTPUT_direct
Chain OUTPUT_direct (1 references)
 pkts bytes target prot opt in  out source    destination
    0     0 ACCEPT tcp  --  any any anywhere  localhost   state NEW tcp owner UID match root
--
francis
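To port a whole ruleset rather than retyping each rule by hand, the following added example (not part of the thread, and not a firewalld tool) turns the `-A CHAIN ...` lines of an `iptables-save` dump into the equivalent `firewall-cmd --permanent --direct --add-rule` commands, using the priority argument the reply above points out. The sample ruleset and the `ipt_to_direct` function name are constructed for the example; the output is printed, not executed, so it can be reviewed before any rule is loaded.

```sh
#!/bin/sh
# Read iptables-save text on stdin and print one firewall-cmd direct
# command per rule. The "*table" header selects the table, ":NAME -"
# lines (user-defined chains) become --add-chain, and each "-A CHAIN ..."
# line becomes --add-rule with the given family and priority.
# Built-in chain policies (":INPUT ACCEPT") and COMMIT are skipped:
# direct rules cannot set a built-in chain's policy.
ipt_to_direct() {
    family="${1:-ipv4}"     # ipv4 | ipv6 | eb
    priority="${2:-0}"      # direct-rule priority, 0 as in the thread
    awk -v fam="$family" -v prio="$priority" '
        /^\*/ { table = substr($0, 2); next }
        /^:/  { chain = substr($1, 2)
                if ($2 == "-")   # "-" policy marks a user-defined chain
                    printf "firewall-cmd --permanent --direct --add-chain %s %s %s\n",
                           fam, table, chain
                next }
        /^-A / { chain = $2
                 args = ""
                 for (i = 3; i <= NF; i++)
                     args = args (i > 3 ? " " : "") $i
                 printf "firewall-cmd --permanent --direct --add-rule %s %s %s %s %s\n",
                        fam, table, chain, prio, args
                 next }
    '
}

# Constructed sample dump: the thread's OUTPUT rule plus a user chain.
SAMPLE='*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MYCHAIN - [0:0]
-A OUTPUT -d 127.0.0.1/32 -p tcp -m state --state NEW -m tcp -m owner --uid-owner 0 -j ACCEPT
-A MYCHAIN -j DROP
COMMIT'

# Wrapper so the conversion of the sample can be checked as a value.
ipt_to_direct_sample() {
    printf '%s\n' "$SAMPLE" | ipt_to_direct ipv4 0
}

ipt_to_direct_sample
```

Because the generated commands use `--permanent`, they take effect only after `firewall-cmd --reload`; drop `--permanent` to load them into the running configuration at once.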