Hi

On Fri, 19 Jul 2019 18:20:35 -0400 Tim Evans wrote:

> I really, really need to figure out how to port my iptables ruleset to 
> work with firewalld. 

You may try first to port your iptables by using the "Direct Options"
that firewall-cmd provides.

I plan to use it for a while ...

Example (you may need to add the --permanent option) that seems to
work:

## I forgot the priority here:
firewall-cmd --direct --add-rule ipv4 filter OUTPUT -p tcp -m state --state NEW -m tcp -d 127.0.0.1/32 -m owner --uid-owner 0 -j ACCEPT
usage: --direct --add-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>

## Correct all:
firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m state --state NEW -m tcp -d 127.0.0.1/32 -m owner --uid-owner 0 -j ACCEPT
success

## Check
firewall-cmd --direct --get-all-rules
ipv4 filter OUTPUT 0 -p tcp -m state --state NEW -m tcp -d 127.0.0.1/32 -m owner --uid-owner 0 -j ACCEPT

## The rule is added to OUTPUT_direct
iptables -v -L OUTPUT_direct
Chain OUTPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    any     anywhere             localhost            state NEW tcp owner UID match root

-- 
francis
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
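As an added example that is not part of the thread (neither francis's commands nor firewalld's own code): a small POSIX shell script that turns an iptables-save dump into the firewall-cmd --direct commands shown above, supplying the priority argument that the first attempt in the mail left out. The sample rules, the chain name LOCAL_ADMIN and the address 192.0.2.10 are constructed for this example; the script only prints the commands so they can be reviewed before being run.

```shell
#!/bin/sh
# Added example, not code from the thread: print the firewall-cmd --direct
# commands equivalent to an iptables-save dump, supplying the <priority>
# argument the first attempt above left out. Nothing is applied; review, then run as root.

# iptables-save style input, constructed for this example.
SAMPLE_RULES='*filter
:OUTPUT ACCEPT [0:0]
:LOCAL_ADMIN - [0:0]
-A OUTPUT -p tcp -m state --state NEW -m tcp -d 127.0.0.1/32 -m owner --uid-owner 0 -j ACCEPT
-A LOCAL_ADMIN -s 192.0.2.10/32 -j ACCEPT
COMMIT'

# ipt_to_direct TABLE PRIORITY "-A CHAIN ARGS..."  -> prints one --add-rule command.
# Returns 1 for anything that is not an -A line. Runs in a subshell with globbing
# off so a "*" in a rule cannot expand. Caveat: word splitting breaks quoted
# arguments such as --comment "a b".
ipt_to_direct() (
    table=$1 priority=$2
    case $3 in '-A '*) ;; *) return 1 ;; esac
    set -f
    set -- $3                 # $1=-A  $2=chain  rest=match/target arguments
    chain=$2; shift 2
    printf 'firewall-cmd --permanent --direct --add-rule ipv4 %s %s %s %s\n' \
        "$table" "$chain" "$priority" "$*"
)

# convert_save < iptables-save-output
# The priority grows by one per rule so firewalld keeps the original order.
# User chains become --add-chain; a default policy has no direct-rule
# equivalent and is flagged for manual handling (e.g. via the zone target).
convert_save() {
    table=filter priority=0
    while IFS= read -r line; do
        case $line in
            '*'*) table=${line#\*}; priority=0 ;;
            ':'*) set -f; set -- $line; set +f
                  chain=${1#:}
                  if [ "$2" = "-" ]; then
                      printf 'firewall-cmd --permanent --direct --add-chain ipv4 %s %s\n' \
                          "$table" "$chain"
                  else
                      printf '# policy %s on %s/%s not converted\n' "$2" "$table" "$chain"
                  fi ;;
            '-A '*) ipt_to_direct "$table" "$priority" "$line"
                    priority=$((priority + 1)) ;;
        esac
    done
}
printf '%s\n' "$SAMPLE_RULES" | convert_save
```

Feed it real output with `iptables-save | convert_save` (after sourcing the script) and check the printed commands against the original rule order before applying them.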