
8 / 8-Stream / 9-Stream - General Support • Iptables-Firewalld Conversion

Hello, we are using CentOS 7.9. Since CentOS 7 will be end of life we are moving to CentOS 8, so we decided to convert our iptables rules to firewalld rules.
I am new to firewalld. I think I get the concepts, but since we have complex rules in our system I am struggling to convert them to firewalld rules. For example I have a bunch of rules like below:


iptables -A INPUT -i eth1 -p tcp -m tcp --sport 1024:65535 -m multiport --dports 8080,10077 -j ACCEPT
iptables -A INPUT -i eth1 -p udp -m udp --dport 161:162 -j ACCEPT

As you can see, we have source and destination ports here, so I decided to create a service for each one. For the first one I created a service like this:


<?xml version="1.0" encoding="utf-8"?>
<service>
  <description>description</description>
  <port protocol="tcp" port="8080"/>
  <port protocol="tcp" port="10077"/>
  <protocol value="tcp"/>
  <source-port protocol="tcp" port="1024-65535"/>
</service>

But I am not sure this is right because, as you can see, we have destination ports in our iptables rules but I cannot find "a destination port configuration" for a firewalld service. By the way, my default zone is public right now, so the eth1 interface zone is public. I am not even sure it needs to be public. As you can see, I'm quite confused. I need some help converting these rules. Thank you for your help.

Statistics: Posted by merveyil — 2023/09/11 13:09:32
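Added example, not part of the post above and not firewalld's own tooling: a small Python converter that parses iptables INPUT/ACCEPT rules of the shape quoted in the post and emits a firewalld service file together with the firewall-cmd commands that install it. The function names (`parse_rule`, `convert`, `service_xml`, `firewall_cmd_lines`), the service name `legacy-app` and the zone `public` are my choices. The mapping it encodes is the answer to the question the post asks: in a firewalld service, `<port>` is the destination port (`--dport` / `--dports`), port ranges are written `a-b` rather than `a:b`, the `<protocol>` element matches a whole IP protocol and is not needed once ports are listed, and the `-i eth1` match is expressed by binding eth1 to the zone that carries the service. The `--sport` match is reported rather than converted on purpose: firewalld turns each `<port>` and each `<source-port>` entry into its own independent accept rule, so a `<source-port port="1024-65535"/>` would accept any TCP packet with a source port in that range whatever its destination port, which is far more than the original rule allowed.

```python
"""Convert simple 'iptables -A INPUT ... -j ACCEPT' rules into a firewalld service.

Example code added alongside the forum post; not from the post or from firewalld.
Mapping applied:
  -p PROTO --dport/--dports A,B:C  ->  <port protocol="PROTO" port="A"/>, port="B-C"
  -i IFACE                         ->  firewall-cmd ... --change-interface=IFACE
  --sport/--sports                 ->  reported only (see dropped_sports), never emitted
"""
import shlex
import xml.etree.ElementTree as ET
from xml.dom import minidom

# Constructed sample input: the two rules quoted in the post.
SAMPLE_RULES = """\
iptables -A INPUT -i eth1 -p tcp -m tcp --sport 1024:65535 -m multiport --dports 8080,10077 -j ACCEPT
iptables -A INPUT -i eth1 -p udp -m udp --dport 161:162 -j ACCEPT
"""


def _ranges(arg):
    """'8080,10077' -> ['8080', '10077'];  '161:162' -> ['161-162'] (firewalld range syntax)."""
    return [p.replace(":", "-") for p in arg.split(",")]


def parse_rule(line):
    """Return a dict describing one iptables rule; unknown options are skipped."""
    toks = shlex.split(line)
    rule = {"iface": None, "proto": None, "dports": [], "sports": [], "target": None}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t in ("-i", "-p", "-j", "--dport", "--dports", "--sport", "--sports"):
            arg = toks[i + 1]
            if t == "-i":
                rule["iface"] = arg
            elif t == "-p":
                rule["proto"] = arg
            elif t == "-j":
                rule["target"] = arg
            elif t.startswith("--dport"):
                rule["dports"] += _ranges(arg)
            else:
                rule["sports"] += _ranges(arg)
            i += 2
        else:
            i += 1  # e.g. '-A', 'INPUT', '-m', 'tcp', 'multiport'
    return rule


def convert(rules_text):
    """Collect destination ports, interfaces and dropped source-port matches from all rules."""
    ports, interfaces, dropped = [], set(), []
    for line in rules_text.splitlines():
        if not line.strip():
            continue
        r = parse_rule(line)
        if r["target"] != "ACCEPT" or not r["proto"]:
            raise ValueError("only '-p <proto> ... -j ACCEPT' rules are handled: " + line)
        if r["iface"]:
            interfaces.add(r["iface"])
        ports += [(r["proto"], p) for p in r["dports"]]
        dropped += [(r["proto"], p) for p in r["sports"]]  # not expressible as a service match
    return {"ports": ports, "interfaces": sorted(interfaces), "dropped_sports": dropped}


def service_xml(name, ports):
    """Build the /etc/firewalld/services/<name>.xml content; <port> means destination port."""
    svc = ET.Element("service")
    ET.SubElement(svc, "short").text = name
    ET.SubElement(svc, "description").text = "Converted from iptables INPUT rules"
    for proto, port in ports:
        ET.SubElement(svc, "port", protocol=proto, port=port)
    return minidom.parseString(ET.tostring(svc)).toprettyxml(indent="  ")


def firewall_cmd_lines(name, ports, interfaces, zone="public"):
    """The firewall-cmd sequence that creates the service and binds the interfaces to the zone."""
    cmds = [f"firewall-cmd --permanent --new-service={name}"]
    cmds += [f"firewall-cmd --permanent --service={name} --add-port={port}/{proto}" for proto, port in ports]
    cmds.append(f"firewall-cmd --permanent --zone={zone} --add-service={name}")
    cmds += [f"firewall-cmd --permanent --zone={zone} --change-interface={iface}" for iface in interfaces]
    cmds.append("firewall-cmd --reload")
    return cmds


if __name__ == "__main__":
    result = convert(SAMPLE_RULES)
    print(service_xml("legacy-app", result["ports"]))
    print("\n".join(firewall_cmd_lines("legacy-app", result["ports"], result["interfaces"])))
    for proto, port in result["dropped_sports"]:
        print(f"# NOTE: --sport {port}/{proto} not converted; review whether it is still needed")
```

Running the script prints a service file with `<port>` entries for 8080/tcp, 10077/tcp and 161-162/udp, the firewall-cmd lines to create the service in the permanent configuration, and a note for the dropped `--sport 1024:65535` match. Since 1024-65535 is the ephemeral range that clients use anyway, most deployments lose nothing by dropping it; a rule that genuinely needs a combined source-port and destination-port match is outside what a firewalld service expresses and should be reviewed separately.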