CentOS 7 - convert iptables to firewalld

I am rebuilding a CentOS 6.6 system into a 7.0 system.
All of my firewall rules are set up in iptables and I need to get this done overnight, so I don't have time to learn firewalld in a few hours.

I know I can ditch firewalld and install iptables, but I'd prefer to leave the new OS with the new firewall method.

Is there some way of safely converting all iptables rules to firewalld once the new os is installed?
projects Asked:

arnold Commented:
Since this is the route you are going, your best bet is to build a VM where you can have the time to explore the firewalld syntax, structure, functionality.
Have not looked at firewalld simpler as you point out given the option exists to maintain the iptables setup.

The reason, IMHO, it is best to make sure you get the gist of the new deals not with the immediate, as there might be a simple conversion/converter option; the issue deals with being unfamiliar at a time when something is needed, i.e. a new rule/unexpected variance/behavior.
projects Author Commented:
Don't have time, it needs to be done this evening.
I don't care to learn it at the last minute, I just need to get it working with the same ports, etc for now. I'll have more time to get familiar with it later.
arnold Commented:
I do not know of an automated conversion tool, have not looked.

Short of automated, are you in the position to configure firewalld on the fly after the system boots?
What is your outage window?
projects Author Commented:
Yes, I could do that, by looking at the old iptables file. My window is around 2 hrs downtime at most, then revert or continue if things have gone well enough that services are back up.
arnold Commented:
The option to go with iptables is still a viable option. IMHO, changes should go in one change at a time. Given firewalld will be new, a non-functional application transitioned to the new system might be incompatible with CentOS 7 (pick your reason), or a firewalld rule not barring the access but is interfering with another portion, i.e. defaults to outgoing traffic rules being applied, etc.

Having a single change will help maintain your focus on the likely culprit versus trying to figure out which of the changes is the cause for the issue at hand.

Is it a viable possibility for you to go with going to CentOS 7 while still using iptables?
If so, you will have the time to request the next change window while getting familiar with firewalld to create the rules/script the creation of the rules you want.
projects Author Commented:
Agreed. It's how I'll proceed, thanks.
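
For the later move to firewalld by hand from the old iptables file, as discussed in the thread, here is an added example (not code from any poster and not a firewalld tool). It turns only plain "open this port" INPUT rules into `firewall-cmd` commands and returns every other rule unchanged for manual review, so a source- or interface-restricted rule is never widened into an open port. The `translate` helper, the `public` zone default and the sample rules are assumptions constructed for illustration.

```python
import re

# Constructed sample in the layout of a CentOS 6 /etc/sysconfig/iptables file.
SAMPLE_RULES = """\
*filter
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p udp --dport 5000:5010 -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# Options and match modules that add no restriction beyond "open this port".
PLAIN_KEYS = {"-A", "-m", "-p", "--dport", "--dports", "--state", "-j"}
PLAIN_MODULES = {"state", "tcp", "udp", "multiport"}


def translate(rules_text, zone="public"):
    """Return (firewall-cmd commands, rule lines left for manual review)."""
    commands, review = [], []
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue  # table header, chain policy, COMMIT, comment
        tok = line.split()
        pairs = list(zip(tok[0::2], tok[1::2]))
        opts = dict(pairs)
        modules = {v for k, v in pairs if k == "-m"}
        ports = (opts.get("--dport") or opts.get("--dports") or "").replace(":", "-").split(",")
        plain = (
            len(tok) % 2 == 0  # a "!" negation breaks the option/value pairing
            and set(opts) <= PLAIN_KEYS and modules <= PLAIN_MODULES
            and opts.get("-A") == "INPUT" and opts.get("-j") == "ACCEPT"
            and opts.get("-p") in ("tcp", "udp") and opts.get("--state", "NEW") == "NEW"
            and all(re.fullmatch(r"\d+(-\d+)?", p) for p in ports)
        )
        if plain:
            commands += [f"firewall-cmd --permanent --zone={zone} --add-port={p}/{opts['-p']}"
                         for p in ports]
        else:
            review.append(line)  # source/interface limits etc.: never widen by guessing
    if commands:
        commands.append("firewall-cmd --reload")
    return commands, review


if __name__ == "__main__":
    cmds, todo = translate(SAMPLE_RULES)
    print("\n".join(cmds + ["# REVIEW: " + r for r in todo]))
```

Compare the result against `firewall-cmd --list-all` on the new system before the change window closes, and handle each reviewed line individually.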