asked on

Centos 7 - convert iptables to firewalld

I am rebuilding a centos 6.6 system into a 7.0 system.
All of my firewall rules are set up in iptables and I need to get this done overnight so don't have time to learn firewalld in a few hours.

I know I can ditch firewalld and install iptables but I'd prefer to leave the new os with the new firewall method.

Is there some way of safely converting all iptables rules to firewalld once the new os is installed?

arnold

Since this is the route you are going, your best bet is to build a VM where you can have the time to explore the firewalld syntax, structure functionality.
Have not looked at firewalld simpler as you point out given the option exists to maintain the iptables setup.

The reason IMHO, it is best to make sure you get the gist of the new, deals not with the immediate as there might be a simple conversion/converter option, the issue deals with being unfamiliar at a time when something is needed, I.e. A new rule/unexpected variance/behavior.

projects

ASKER

Don't have time, it needs to be done this evening.
I don't care to learn it at the last minute, I just need to get it working with the same ports, etc for now. I'll have more time to get familiar with it later.

arnold

I do not know of an automated conversion tool, have not looked.

short of automated, are you in the position to configure firewalld on the fly after the system boots?
What is your outage window?

projects

ASKER

Yes, I could do that, by looking at the old iptables file. My window is around 2hrs down time at most then revert or continue if things have gone well enough that services are back up.

ASKER CERTIFIED SOLUTION

arnold

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

projects

ASKER

Agreed. It's how I'll proceed, thanks.