
8 /8-Stream / 9-Stream - General Support • Re: Iptables-Firewalld Conversion

I had to convert the rules to firewalld. It was already chosen, not by me. Thank you for your answer.
Although you have to use FirewallD, that does not dictate how to configure it.
Rather than talking directly to firewalld, one can use an Ansible playbook.
See ... stem-roles
and ... stem-roles

That is obviously yet another layer of abstraction (and a thing to learn) on top of the abstraction that is the FirewallD.
On the bright side, if you can express your setup as Ansible inventory, then you don't need to learn how to configure
FirewallD directly. Furthermore, the play and inventory (with version control) are easy to back up and reapply,
which is awesome automation.

The only question remains, can you reproduce your "complex rules"? The "System Roles" may not support all the
FirewallD's features and the FirewallD has not supported all the kernel's possibilities. On the other hand,
if your rules are "too" complex, are they actually unnecessarily complex?


Red Hat documentation for RHEL 9 ... o-nftables still writes:
2.1.1. When to use firewalld, nftables

The following is a brief overview in which scenario you should use one of the following utilities:
  • firewalld: Use the firewalld utility for simple firewall use cases. The utility is easy to use and covers the typical use cases for these scenarios.
  • nftables: Use the nftables utility to set up complex and performance-critical firewalls, such as for a whole network.
In other words, the ones that made the choice -- were they aware of that?

Statistics: Posted by jlehtone — 2023/09/12 12:29:54
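As an added illustration of the "express your setup as Ansible inventory" approach from the post above (this is example code, not something from the thread or from the Red Hat documentation it quotes), here is a small playbook that drives firewalld through the Linux System Roles `firewall` role. The role name and the `firewall` variable keys (`zone`, `service`, `port`, `rich_rule`, `state`, `permanent`, `previous`) follow that role's documented interface as I know it; the inventory group `webservers`, the admin network `192.0.2.0/24`, and the ports are constructed for the example.

```yaml
# Added example: a firewalld policy as data for the linux-system-roles
# "firewall" role. The rules live in version control and Ansible reapplies
# them, so nobody has to type firewall-cmd on the host.
# Host group, addresses and ports below are assumed for illustration.
- name: Apply firewalld policy with the firewall system role
  hosts: webservers            # assumed inventory group
  become: true
  vars:
    firewall:
      # Wipe whatever firewalld configuration is already on the host so
      # stale rules do not survive; the playbook becomes the single source
      # of truth for the firewall.
      - previous: replaced

      # Services the public zone accepts. Anything not listed stays closed,
      # which is the least-privilege default we want.
      - zone: public
        service:
          - https
          - ssh
        state: enabled
        permanent: true

      # A management port reachable only from the admin network. This needs
      # a firewalld rich rule; it is the kind of rule to check carefully when
      # converting, because not every iptables/nftables construct maps onto
      # a rich rule (the caveat raised in the post).
      - zone: public
        rich_rule: 'rule family="ipv4" source address="192.0.2.0/24" port port="8443" protocol="tcp" accept'
        state: enabled
        permanent: true

      # Explicitly close a legacy port that the old iptables rules opened,
      # so the conversion does not silently keep it reachable.
      - zone: public
        port: 8080/tcp
        state: disabled
        permanent: true

  roles:
    - fedora.linux_system_roles.firewall
```

Run it with `ansible-playbook -i inventory firewall.yml` and verify the result on a host with `firewall-cmd --list-all` (and `firewall-cmd --list-rich-rules` for the source-restricted port). Since the play is idempotent, rerunning it after a manual change on the host reports the drift as a changed task, which doubles as a cheap configuration-drift check.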