The_Great_Sephiroth (Veteran) | Joined: 03 Oct 2014 | Posts: 1606 | Location: Fayetteville, NC, USA
Posted: Wed Jan 25, 2017 7:51 pm | Post subject: Using firewalld in Gentoo...

I have decided to install firewalld to take advantage of firewall zones in Network Manager. Installing was a breeze and I also chose to use the 'gui' USE flag so I have a graphical way to configure the zones. However, I have a question about the "iptables" and "ip6tables" services. I am assuming I should disable them when I enable the firewalld daemon. Is this correct? They bring up my current rules, which I wrote by hand, but I need to change when I am at some locations, which requires me to input rules by hand in a terminal. You know, things like allowing Samba access on my office or home networks.
So is this as simple as removing the iptables and ip6tables daemons from startup and adding the firewalld daemon?
_________________
Ever picture systemd as what runs "The Borg"?

The_Great_Sephiroth (Veteran) | Joined: 03 Oct 2014 | Posts: 1606 | Location: Fayetteville, NC, USA
Posted: Sat Jan 28, 2017 10:16 pm

Anybody? I am guessing nobody has experience, or much experience with firewalld. If it uses iptables for firewalling then I assume I need to disable the old scripts and use it alone. If it does its own thing, what then?
_________________
Ever picture systemd as what runs "The Borg"?

cboldt (Veteran) | Joined: 24 Aug 2005 | Posts: 1046
Posted: Sat Jan 28, 2017 10:22 pm

I've not used firewalld, but as you surmise, if it is managing the network with iptables, then you should not fire up iptables via /etc/init.d/iptables (or any other firewall manager that uses iptables, e.g., ipkungfu, etc.).
I'd just confirm that firewalld is indeed using iptables, by starting firewalld, then running `iptables-save` or `iptables -nL` to see that it has installed iptables rules.
As for any particular rules that you want to have, it's a question of figuring how to invoke those depending on the overall iptables manager, in the new case, firewalld.
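
The check described in the post above, as an added example that is not part of the original thread: a shell function that reads `iptables-save` output on stdin, reports which interfaces are bound to which firewalld zone, and returns non-zero when no firewalld chains are loaded. It assumes the chain naming of firewalld's iptables backend (`INPUT_ZONES`, `IN_<zone>`); the function name and both sample dumps are constructed for illustration.

```shell
# Constructed sample: abbreviated `iptables-save` output with firewalld running
# (assumes the chain names of the firewalld iptables backend).
SAMPLE_FIREWALLD='*filter
:INPUT ACCEPT [0:0]
:INPUT_ZONES - [0:0]
:IN_home - [0:0]
:IN_work - [0:0]
:IN_public - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j INPUT_ZONES
-A INPUT_ZONES -i eth0 -g IN_work
-A INPUT_ZONES -i wlan0 -g IN_home
-A INPUT_ZONES -g IN_public
COMMIT'

# Constructed sample: hand-written rules as loaded by the iptables init script.
SAMPLE_HANDWRITTEN='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 445 -j ACCEPT
COMMIT'

# Hypothetical helper: prints "<interface> <zone>" for each zone dispatch rule;
# exit status 0 if the INPUT_ZONES chain exists, 1 if it does not.
firewalld_zone_bindings() {
    awk '
        # Chain declarations look like ":NAME POLICY [packets:bytes]".
        /^:INPUT_ZONES / { managed = 1 }
        # Dispatch rules send traffic from INPUT_ZONES into IN_<zone>.
        $1 == "-A" && $2 == "INPUT_ZONES" {
            iface = "(default)"; zone = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") iface = $(i + 1)
                if (($i == "-g" || $i == "-j") && $(i + 1) ~ /^IN_/)
                    zone = substr($(i + 1), 4)   # strip the "IN_" prefix
            }
            if (zone != "") print iface, zone
        }
        END { exit (managed ? 0 : 1) }
    '
}

# On a live system (as root): iptables-save | firewalld_zone_bindings
printf '%s\n' "$SAMPLE_FIREWALLD" | firewalld_zone_bindings
printf '%s\n' "$SAMPLE_HANDWRITTEN" | firewalld_zone_bindings ||
    echo "no firewalld chains loaded"
```
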

musv (Advocate) | Joined: 01 Dec 2002 | Posts: 3369 | Location: de
Posted: Mon Jan 30, 2017 7:42 am

Not sure about Gentoo. I had to use it widely in RHEL and CentOS.
AFAIK the iptables service does not do anything other than load a file with saved rules.
Firewalld should respect those rules and include them into its own interface. Firewalld is just a kind of frontend for iptables, ip6tables and ebtables. At least as I understood the concept behind firewalld, you should keep the iptables service enabled.
If you want to change your configuration on the basis of zones, you should first remove the relevant parts of your iptables save file.

The_Great_Sephiroth (Veteran) | Joined: 03 Oct 2014 | Posts: 1606 | Location: Fayetteville, NC, USA
Posted: Tue Jan 31, 2017 9:22 pm

I was correct. I disabled the iptables and ip6tables services and enabled the firewalld service. The GUI makes configuration of the zones a breeze, and then I select a zone for each wired and wireless connection, and I am golden. Thanks for the help.
_________________
Ever picture systemd as what runs "The Borg"?