Implementing direct rules
If you have prior experience with iptables and want to combine your knowledge of iptables with the features in firewalld, direct rules are here to help with this migration. First, if we want to implement a rule on the INPUT chain, we can check the current settings with the following command:
# firewall-cmd --direct --get-rules ipv4 filter INPUT
If you have not added any rules, the output will be empty. We will add a new rule and use a priority of 0. This means that it will be listed at the top of the chain; however, this means little when no other rules are in place. If other rules are implemented, we do need to verify that the rules are added in the correct order for processing:
# firewall-cmd --permanent --direct --add-rule ipv4 filter \
    INPUT 0 -p tcp --dport 3128 -j ACCEPT
# firewall-cmd --reload
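To verify the ordering once several direct rules exist, the following added example (not from the original text) sorts the output of the --get-rules command shown above by priority and flags priority levels that mix different targets, since firewalld does not fix the order of rules that share a priority. The function names and the sample rules are constructed for illustration; on a real host, pipe the firewall-cmd output into the functions instead.

```shell
#!/bin/sh
# Audit "firewall-cmd --direct --get-rules ipv4 filter INPUT" output.
# Each line is "<priority> <iptables args>"; lower priorities are evaluated first.

# Constructed sample rules (hypothetical, not taken from a real host).
sample_rules() {
cat <<'EOF'
10 -p tcp --dport 3128 -j ACCEPT
0 -p tcp --dport 3128 -s 192.0.2.0/24 -j DROP
10 -p tcp -j REJECT
5 -p tcp --dport 22 -j ACCEPT
EOF
}

# Print the rules in ascending priority, the order the chain evaluates them.
effective_order() {
    sort -s -n -k1,1
}

# Print one WARN line per priority level whose rules have different targets.
# Inside a level the order is not fixed, so the outcome is not predictable.
ambiguous_levels() {
    effective_order | awk '
    {
        prio = $1; target = ""
        # The target is the word following -j.
        for (i = 2; i < NF; i++) if ($i == "-j") target = $(i + 1)
        if (!(prio in first)) { first[prio] = target; next }
        if (first[prio] != target && !(prio in warned)) {
            warned[prio] = 1
            printf "WARN priority %s mixes %s and %s\n", prio, first[prio], target
        }
    }'
}

# Demo run on the constructed sample.
sample_rules | effective_order
sample_rules | ambiguous_levels
```

A warning here means the two rules should be given distinct priorities, with the one that must match first receiving the lower number.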
Reverting to iptables
Additionally, there is nothing stopping you from using the iptables service if this is what you are most familiar with.
Firstly, we can install iptables...