I appreciate this post; absorbing firewalld along with the new systemctl causes me pain.
On my first CentOS7 install I tried to do my configs using the new methods but I punted on using firewalld over iptables (this was mostly due to custom fail2ban scripts that I haven't converted to use firewall-cmd).
An alternate approach that puts iptables back on CentOS7 (don't do it! learn the new system and embrace it! I still don't know that I buy into firewalld managing all of it for me to be a good thing; supposedly it's 'cleaner')
In any case, here is the 'wrong' way to fix CentOS7 (but I'm going to keep doing it anyways until other tools catch up):
Install iptables:
Gimme my iptables back:
Code:
systemctl mask firewalld
systemctl enable iptables
(and if you need ip6tables, add an extra enable line for it)
Stop firewalld, start iptables
Code:
systemctl stop firewalld
systemctl start iptables
(and start ip6tables if you need it)
Do your iptables modification just like before and save with
Code:
iptables-save > /etc/sysconfig/iptables
Then, go read through the Fedora wiki on FirewallD and figure out how to make whatever it is making you need iptables work the 'firewalld way'. (Warning: It is painful to read in places... 'This included also to unload the firewall . . .' and 'This model makes it more easy to add or remove' are cringeworthy.)
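
Added example, not part of the original post and not the poster's code: a dry-run sketch of moving rules saved in /etc/sysconfig/iptables toward firewall-cmd, which prints candidate commands and flags anything it cannot express safely for manual review. The function names and the sample rules are constructed for illustration, and IPv4 is assumed.

```shell
#!/bin/sh
# Added example: dry-run translation of simple iptables INPUT ACCEPT rules
# into firewall-cmd commands. It only prints; nothing is applied.

# Constructed sample in iptables-save format (not taken from the post).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p udp -m udp --dport 6000:6010 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Reads rules on stdin. The body runs in a subshell so 'set -f' (no globbing
# while word-splitting a rule) does not leak into the caller.
translate_rules() (
    set -f
    while IFS= read -r line; do
        case "$line" in
            "-A INPUT "*"-j ACCEPT") ;;
            *) continue ;;              # only INPUT accepts are translated
        esac
        proto='' port='' src='' manual=''
        set -- $line
        while [ $# -gt 1 ]; do
            case "$1" in
                -p) proto=$2 ;;
                --dport) port=$(printf '%s' "$2" | tr ':' '-') ;;  # 1:2 -> 1-2
                -s) src=$2 ;;
                -A|-m|-j|--state) ;;
                -*|!) manual=1 ;;       # a match this sketch cannot express
            esac
            shift
        done
        if [ -n "$manual" ] || [ -z "$proto" ] || [ -z "$port" ]; then
            echo "# review by hand: $line"
        elif [ -n "$src" ]; then
            echo "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$src\" port port=\"$port\" protocol=\"$proto\" accept'"
        else
            echo "firewall-cmd --permanent --add-port=$port/$proto"
        fi
    done
)

sample_rules | translate_rules
```

Rules carrying a match the sketch does not model (an interface, a negation, connection state without a port) are emitted as comments rather than translated, so a restriction is never silently dropped.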