CentOS 7 iptables replaced with firewalld


Post by Box293 » Tue Jul 22, 2014 1:44 am

This should help anyone else out who has this problem.

I installed Nagios Core 4.0.7 on CentOS 7 (basic / minimum install).
After Core installs I needed to open the firewall ports to allow port 80 inbound.

Before CentOS 7 I did this:
Code:
iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT
/sbin/service iptables save

The first command worked but the second command reported this:
The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.


I found on CentOS 7 that iptables has been replaced with firewalld.

I needed to do this instead:
Code:
firewall-cmd --zone=public --add-port=http/tcp
firewall-cmd --zone=public --add-port=http/tcp --permanent


You need to do both commands because the first one is for the running environment and the second one makes it permanent when the server reboots.
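The runtime-versus-permanent split described in the first post, as an added example that is not part of the original thread: a shell function that compares the two firewalld port lists and reports ports present in only one of them. The function name `port_drift` and the sample port lists are constructed for illustration; the `public` zone is the one used in the post.

```shell
#!/bin/sh
# Added example (not from the thread): detect drift between firewalld's
# runtime and permanent port lists for one zone.

# port_drift RUNTIME PERMANENT
#   Each argument is a whitespace-separated port list in the form printed by
#   `firewall-cmd --list-ports` (for example "80/tcp 443/tcp").
#   Prints one line per mismatch and returns 1 if the lists differ.
#     runtime-only   : active now, gone after a reload or reboot
#     permanent-only : saved, but not active until firewalld reloads
port_drift() {
    runtime=$(echo $1)      # unquoted on purpose: collapse whitespace
    permanent=$(echo $2)
    drift=0
    for p in $runtime; do
        case " $permanent " in
            *" $p "*) ;;
            *) echo "runtime-only $p"; drift=1 ;;
        esac
    done
    for p in $permanent; do
        case " $runtime " in
            *" $p "*) ;;
            *) echo "permanent-only $p"; drift=1 ;;
        esac
    done
    return $drift
}

if command -v firewall-cmd >/dev/null 2>&1; then
    # Live check against the zone used in the post.
    port_drift "$(firewall-cmd --zone=public --list-ports)" \
               "$(firewall-cmd --zone=public --permanent --list-ports)" || true
else
    # Constructed sample: port 80 was added without --permanent.
    port_drift "80/tcp 443/tcp" "443/tcp" || true
fi
```

A `runtime-only` line is the state you are left in after running only the first `firewall-cmd` command from the post.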

Re: CentOS 7 iptables replaced with firewalld

Post by millisa » Tue Jul 22, 2014 3:09 am

I appreciate this post; absorbing firewalld along with the new systemctl causes me pain.

On my first CentOS7 install I tried to do my configs using the new methods but I punted on using firewalld over iptables (this was mostly due to custom fail2ban scripts that I haven't converted to use firewall-cmd).

An alternate approach that puts iptables back on CentOS7 (don't do it! learn the new system and embrace it! I still don't know that I buy into firewalld managing all of it for me to be a good thing; supposedly it's 'cleaner')
In any case, here is the 'wrong' way to fix centos7 (but I'm going to keep doing it anyways until other tools catch up):

Install iptables:
Code:
yum install -y iptables-services


Gimme my iptables back:
Code:
systemctl mask firewalld
systemctl enable iptables
(and if you need ip6tables, add an extra enable line for it)

Stop firewalld, start iptables
Code:
systemctl stop firewalld
systemctl start iptables
(and start ip6tables if you need it)

Do your iptables modification just like before and save with
Code:
iptables-save > /etc/sysconfig/iptables



Then, go read through the Fedora wiki on FirewallD and figure out how to make whatever it is making you need iptables work the 'firewalld way'. (Warning: It is painful to read in places... "This included also to unload the firewall . . ." and "This model makes it more easy to add or remove" are cringeworthy.)

Re: CentOS 7 iptables replaced with firewalld

Post by Box293 » Tue Jul 22, 2014 9:09 pm

Nice info. I thought about going back to iptables but then I always like a challenge so I pushed forward with firewalld

