Re: Firewalld - list tables?
On 05/17/2013 01:47 PM, Reindl Harald wrote: Am 17.05.2013 13:26, schrieb John Horne: However, 'firewall-cmd' offers both the '--get-chains' and '--get-rules' options, but these both require specifying which table is to be used. How do I know what the tables are? There is no '--get-tables' option. I can run 'cat /proc/net/ip_tables_names' and this lists the standard iptables tables (nat ,mangle, filter). But if I use these names with 'firweall-cmd' all I get is a blank line displayed. E.g. firewall-cmd --direct --get-chains ipv4 nat This returns only the list of chains that have been added with the --add-chain command. The same occurs with all the table names. So, my question is this, is 'firewall-cmd' working correctly and simply stating that none of the tables have any chains (and so no rules)? Secondly, how do I find out what tables are defined for firewalld? since these are all wrapper around netfilter/iptables you get the truth with "iptables --list --numeric --verbose" The tables you can use with firewalld are the same you can use with ip*tables: filter, nat, mangle, raw and security But please remember that the availability of tables is bound to the kernel and also IPv4/IPv6. With newer kernels nat is also available for IPv6. Before it was only available for IPv4. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Firewalld - list tables?
Am 17.05.2013 13:26, schrieb John Horne: > However, 'firewall-cmd' offers both the '--get-chains' and '--get-rules' > options, but these both require specifying which table is to be used. > How do I know what the tables are? There is no '--get-tables' option. > I can run 'cat /proc/net/ip_tables_names' and this lists the standard > iptables tables (nat ,mangle, filter). But if I use these names with > 'firweall-cmd' all I get is a blank line displayed. E.g. > > firewall-cmd --direct --get-chains ipv4 nat > > The same occurs with all the table names. > > So, my question is this, is 'firewall-cmd' working correctly and simply > stating that none of the tables have any chains (and so no rules)? > Secondly, how do I find out what tables are defined for firewalld? since these are all wrapper around netfilter/iptables you get the truth with "iptables --list --numeric --verbose" signature.asc Description: OpenPGP digital signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Firewalld - list tables?
On Fri, 17 May 2013 21:47:01 +0100 John Horne wrote: > On Fri, 2013-05-17 at 15:31 -0400, staticsafe wrote: > > > > > https://fedoraproject.org/wiki/FirewallD cat The firewall daemon can not parse firewall rules added by the ip*tables and ebtables command line tools. The daemon provides information about the current active firewall settings via D-BUS and also accepts changes via D-BUS using PolicyKit authentication methods -- Regards, Frank - I check for new mail app. 20min www.frankly3d.com -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Firewalld - list tables?
On 5/17/2013 16:47, John Horne wrote: > On Fri, 2013-05-17 at 15:31 -0400, staticsafe wrote: > >> >> https://fedoraproject.org/wiki/FirewallD >> > Yeah... I have a copy of that so where does it tell me what tables are > being used? > > > > John. > firewall-cmd --get-active-zones Thats what I have from a quick glance from that page. I don't use firewalld or Fedora. -- staticsafe O< ascii ribbon campaign - stop html mail - www.asciiribbon.org Please don't top post - http://goo.gl/YrmAb Don't CC me! I'm subscribed to whatever list I just posted on. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Firewalld - list tables?
On Fri, 2013-05-17 at 15:31 -0400, staticsafe wrote: > > https://fedoraproject.org/wiki/FirewallD > Yeah... I have a copy of that so where does it tell me what tables are being used? John. -- John Horne, Plymouth University, UK Tel: +44 (0)1752 587287Fax: +44 (0)1752 587001 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Firewalld - list tables?
On 5/17/2013 7:26, John Horne wrote: > Hello, > > I have been looking at the new Fedora firewall 'firewalld' and the > 'firewall-cmd' command. I'm currently running F17 on a PC with an F18 > virtual machine, and have been trying to understand firewalld prior to > upgrading to Fedora 19. > > The PC has a modified iptables. So I have been trying to see how to > incorporate the changes into the new firewalld. I suspect I will need to > use the 'firewall-cmd --direct' option to add the iptables rules (as I > see no other way of specifying on the rules source/destination addresses > using 'firewall-cmd'). > > However, 'firewall-cmd' offers both the '--get-chains' and '--get-rules' > options, but these both require specifying which table is to be used. > How do I know what the tables are? There is no '--get-tables' option. > I can run 'cat /proc/net/ip_tables_names' and this lists the standard > iptables tables (nat ,mangle, filter). But if I use these names with > 'firweall-cmd' all I get is a blank line displayed. E.g. > > firewall-cmd --direct --get-chains ipv4 nat > > The same occurs with all the table names. > > So, my question is this, is 'firewall-cmd' working correctly and simply > stating that none of the tables have any chains (and so no rules)? > Secondly, how do I find out what tables are defined for firewalld? > > > > > Thanks, > > John. > https://fedoraproject.org/wiki/FirewallD -- staticsafe O< ascii ribbon campaign - stop html mail - www.asciiribbon.org Please don't top post - http://goo.gl/YrmAb Don't CC me! I'm subscribed to whatever list I just posted on. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Firewalld - list tables?
On Fri, 2013-05-17 at 17:53 +0100, Frank Murphy wrote: > On Fri, 17 May 2013 12:26:46 +0100 > John Horne wrote: > > yum info firewall-config > Yeah... I already have that installed so where does it tell me what tables are being used? John. -- John Horne, Plymouth University, UK Tel: +44 (0)1752 587287Fax: +44 (0)1752 587001 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Firewalld - list tables?
On Fri, 17 May 2013 12:26:46 +0100 John Horne wrote: yum info firewall-config -- Regards, Frank - I check for new mail app. 20min www.frankly3d.com -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Firewalld - list tables?
Hello, I have been looking at the new Fedora firewall 'firewalld' and the 'firewall-cmd' command. I'm currently running F17 on a PC with an F18 virtual machine, and have been trying to understand firewalld prior to upgrading to Fedora 19. The PC has a modified iptables. So I have been trying to see how to incorporate the changes into the new firewalld. I suspect I will need to use the 'firewall-cmd --direct' option to add the iptables rules (as I see no other way of specifying on the rules source/destination addresses using 'firewall-cmd'). However, 'firewall-cmd' offers both the '--get-chains' and '--get-rules' options, but these both require specifying which table is to be used. How do I know what the tables are? There is no '--get-tables' option. I can run 'cat /proc/net/ip_tables_names' and this lists the standard iptables tables (nat ,mangle, filter). But if I use these names with 'firweall-cmd' all I get is a blank line displayed. E.g. firewall-cmd --direct --get-chains ipv4 nat The same occurs with all the table names. So, my question is this, is 'firewall-cmd' working correctly and simply stating that none of the tables have any chains (and so no rules)? Secondly, how do I find out what tables are defined for firewalld? Thanks, John. -- John Horne Tel: +44 (0)1752 587287 Plymouth University, UK Fax: +44 (0)1752 587001 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
