Is there a way to run just save with firewalld in RHEL7?


The version of firewalld in RHEL 7.0 has no "save" script and no way to copy the running firewall configuration to the permanent configuration. You save a firewall change with firewalld by adding --permanent to the command line making the change. Without it, any change you make is temporary and will be lost when the system restarts.

For example:

firewall-cmd --add-service=http                 # Running config
firewall-cmd --add-service=http --permanent     # Startup config

Later (post-RHEL 7) versions of firewalld do include a way to save the running configuration, and this is available now in Fedora and in RHEL 7.1. In this case the command is simply:

firewall-cmd --runtime-to-permanent
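As an added example (not part of the original answer), this is how the missing --runtime-to-permanent can be approximated on a firewalld that lacks it: diff a zone's runtime and permanent lists and apply --permanent add/remove for the difference. The function names and the FIREWALL_CMD variable are my own; it assumes only services and ports need syncing (rich rules, sources, interfaces and direct rules are not covered).

```shell
#!/bin/sh
# Emulate 'firewall-cmd --runtime-to-permanent' for one zone on a firewalld
# build that lacks it (RHEL 7.0): compare runtime vs permanent configuration
# and persist only the difference. FIREWALL_CMD can point at a stub for
# testing; it defaults to the real firewall-cmd (assumed in PATH).
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# missing_items LIST_A LIST_B
# Prints the whitespace-separated entries of LIST_A absent from LIST_B, in
# LIST_A order. Pure text processing, so it can be checked offline.
missing_items() {
    out=""
    for item in $1; do
        found=0
        for have in $2; do
            if [ "$item" = "$have" ]; then found=1; break; fi
        done
        if [ "$found" -eq 0 ]; then out="$out $item"; fi
    done
    printf '%s' "${out# }"
}

# sync_kind ZONE LISTFLAG ADDFLAG REMOVEFLAG
# Adds to the permanent config what exists only at runtime, and removes from
# it what was removed at runtime, using the given firewall-cmd option family.
sync_kind() {
    zone=$1; list=$2; add=$3; remove=$4
    rt=$("$FIREWALL_CMD" --zone="$zone" "$list")
    pm=$("$FIREWALL_CMD" --zone="$zone" --permanent "$list")
    for x in $(missing_items "$rt" "$pm"); do
        "$FIREWALL_CMD" --zone="$zone" --permanent "$add=$x"
    done
    for x in $(missing_items "$pm" "$rt"); do
        "$FIREWALL_CMD" --zone="$zone" --permanent "$remove=$x"
    done
}

# persist_zone ZONE  (hypothetical helper; run as root, e.g. persist_zone public)
persist_zone() {
    sync_kind "$1" --list-services --add-service --remove-service
    sync_kind "$1" --list-ports --add-port --remove-port
}
```

After syncing, runtime and permanent lists for the zone are identical, so a later --reload or reboot no longer drops the change.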


Author: Peter Souter

Updated on September 18, 2022

Comments

  • Peter Souter
    Peter Souter almost 2 years

    I'm starting to use RHEL7 and learning a little about the changes that come with systemd.

    Is there a way to perform /sbin/service iptables save in firewalld?

    $ /sbin/service iptables save
    The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.

    The closest parallel I can find from the Documentation is --reload:

    Reload the firewall without losing state information:
    $ firewall-cmd --reload

    But it doesn't explicitly say if it's saving or not.

  • Antony Nguyen
    Antony Nguyen over 8 years
    To continue on Michael Hampton's comment, I found that I had to restart the firewalld service ("systemctl restart firewalld") after running "firewall-cmd --runtime-to-permanent" in order for the firewall rules to be saved correctly, especially after having to remove some rules manually via iptables. It appears firewalld caches some rules, so a "firewall-cmd --reload" may re-institute rules from firewalld that should have been removed via the "--runtime-to-permanent" command.
  • AdamKalisz
    AdamKalisz over 5 years
    @AntonyNguyen you shouldn't use iptables commands when firewalld is managing the rules. FIrewalld has no way of knowing of the change (it would need to poll periodically and that would kill the performance of the firewall because of its design, which btw. is fixed by nftables) use 'firewall-cmd --direct --passthrough ipv4 -A FORWARD ... -j DROP'