How to load iptables rules to firewalld?
Solution 1
A good place to start is the RHEL 6 --> 7 migration planning guide but in short:
- If you configured your RHEL/CentOS 6 firewall with system-config-firewall, you can use the firewall-offline-cmd tool to migrate the configuration from /etc/sysconfig/system-config-firewall into the default zone of firewalld.
- If you used any other method to configure your current firewall there is, as far as I know, no practical migration to firewalld and your options are:
  - either create a new configuration with firewall-cmd or firewall-config
  - disable firewalld and continue to use the old iptables and ip6tables services. That allows you to keep the existing firewall rules. Copy the iptables-save export and load it with iptables-restore. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-using_iptables
Solution 2
Inside SSH on CentOS 6, execute these commands:
sudo iptables-save > iptables-export
cat iptables-export
scp iptables-export user@server_b_ip_address:/tmp
Firewalld stores its configuration in /etc/firewalld and within that directory you can find various configuration files:
- firewalld.conf provides overall configuration.
- Files in the zones directory provide your custom firewall rules for each zone.
- Files in the services directory provide custom services you have defined.
- Files in the icmptypes directory provide custom icmptypes you have defined.
There is a matching directory structure in /usr/lib/firewalld which provides the defaults for zones, services and icmptypes, in case you want to start customizing from a template, or simply see what the files look like.
The firewall configuration of the main services (ftp, httpd, etc) comes in the /usr/lib/firewalld/services directory. But it is still possible to add new ones in the /etc/firewalld/services directory. Also, if files exist at both locations for the same service, the file in the /etc/firewalld/services directory takes precedence.
Have a great day, future friend! ;-)
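An added example, not part of either answer above: a sketch of a triage pass over an iptables-save export such as the iptables-export file from Solution 2. It emits firewall-cmd commands only for plain IPv4 INPUT rules that accept a TCP or UDP port, and returns every other rule unchanged for manual review. The helper name translate, the sample rules and the public zone are assumptions made for this example.

```python
import shlex
# Constructed, abridged iptables-save output (not taken from the page).
SAMPLE = """\
*filter
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8000:8010 -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j DROP
COMMIT
*nat
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
"""
VALUE_FLAGS = ("-p", "-s", "-i", "-j", "--dport", "--state")
RICH = 'rule family="ipv4" source address="{}" port port="{}" protocol="{}" accept'

def translate(dump, zone="public"):
    """Hypothetical helper: return (firewall-cmd commands, rules for manual review)."""
    base = f"firewall-cmd --permanent --zone={zone} "
    commands, manual, table = [], [], None
    for line in dump.splitlines():
        if not line.startswith("-A "):
            table = line[1:] if line.startswith("*") else table  # *filter, *nat, ...
            continue
        tok = shlex.split(line)
        ok, opts = (table == "filter" and tok[1] == "INPUT"), {}
        for flag, val in zip(tok[2::2], tok[3::2] + [""]):
            if flag in VALUE_FLAGS:
                opts[flag] = val
            elif not (flag == "-m" and val in ("tcp", "udp", "state")):
                ok = False  # negation, or a match/target option not modelled here
        accept = ok and opts.get("-j") == "ACCEPT"
        states = set(opts.get("--state", "NEW").split(","))
        port, proto = opts.get("--dport", "").replace(":", "-"), opts.get("-p")
        if accept and not port and (opts.get("-i") == "lo" or states == {"RELATED", "ESTABLISHED"}):
            continue  # firewalld's base rules already accept loopback/established traffic
        if not (accept and port and proto in ("tcp", "udp") and states == {"NEW"} and "-i" not in opts):
            manual.append(line)  # never guess: a human decides what these become
        elif "-s" in opts:
            commands.append(base + "--add-rich-rule='" + RICH.format(opts["-s"], port, proto) + "'")
        else:
            commands.append(f"{base}--add-port={port}/{proto}")
    return commands, manual

if __name__ == "__main__":
    for group in translate(SAMPLE):
        print("\n".join(group), end="\n\n")
```

Review the generated commands before running them on the CentOS 7 host, then apply the permanent configuration with firewall-cmd --reload.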
Ikrom
Updated on September 18, 2022
Comments
- Ikrom over 1 year
  I've got a server running CentOS 6. It uses iptables. I want to migrate to CentOS 7. CentOS 7 uses firewalld.
  My aim is to download the iptables configuration (rules) and apply it to firewalld. I can download iptables rules like this: iptables-save
  I don't know how to apply iptables-save's output to firewalld. I hope there is an automated way. Question: How can I apply current iptables rules to firewalld? I don't like to configure manually because there might be many servers with big iptables rules/configs.
- MAChitgarha about 3 years
  The first link is broken.
- parttimeturtle over 2 years
  If you're going to copy someone else's work word-for-word you should at least give credit serverfault.com/questions/655851/…