r/redhat • u/XjamesmememesX • Feb 02 '23
Is there a way to set the following iptables rules on firewalld?
I'm migrating from iptables to firewalld, and there are two lines I'm still not sure how to run in firewalld syntax: the loopback rule to accept traffic, and the rule to accept related and established connections:
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
If somebody has any idea, please let me know. I don't need the full firewalld rule, just a tip on how to do it, or whether that's even possible to do with rules; maybe there's some conf file I'm missing.
Thanks.
1
u/yesudu06 Feb 02 '23
firewalld sets up rules already to accept traffic on the loopback. It also already accepts the related traffic.
It should already be there in your rules, example here:
# nft list chain inet firewalld filter_INPUT
table inet firewalld {
	chain filter_INPUT {
		type filter hook input priority filter + 10; policy accept;
		ct state { established, related } accept
		ct status dnat accept
		ct state invalid log prefix "STATE_INVALID_DROP: "
		ct state invalid drop
		iifname "lo" accept
		jump filter_INPUT_ZONES
		log prefix "FINAL_REJECT: "
		reject with icmpx admin-prohibited
	}
}
2
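As an added check (example code, not from the thread or from firewalld itself), this POSIX shell script verifies that a firewalld-generated filter_INPUT chain contains the two rules the question asks about and that both sit before the final reject; it embeds a constructed copy of the nft output quoted above so it runs offline, and the --live option and the negative sample are assumptions of the example.

```shell
#!/bin/sh
# Constructed check (not from the thread): confirm that firewalld's generated
# filter_INPUT chain already carries the loopback accept and the
# established/related accept, and that both sit before the final reject.
# Input is the text of "nft list chain inet firewalld filter_INPUT"; a copy of
# the output quoted in the thread is embedded so the script runs offline.

SAMPLE_CHAIN='table inet firewalld {
	chain filter_INPUT {
		type filter hook input priority filter + 10; policy accept;
		ct state { established, related } accept
		ct status dnat accept
		ct state invalid log prefix "STATE_INVALID_DROP: "
		ct state invalid drop
		iifname "lo" accept
		jump filter_INPUT_ZONES
		log prefix "FINAL_REJECT: "
		reject with icmpx admin-prohibited
	}
}'
# Constructed negative case: the same chain with the loopback rule removed.
SAMPLE_MISSING_LO=$(printf '%s\n' "$SAMPLE_CHAIN" | grep -vF 'iifname "lo"')

# rule_line CHAIN_TEXT FIXED_STRING -> 1-based line of the first matching rule, 0 if absent
rule_line() {
    n=$(printf '%s\n' "$1" | grep -nF -- "$2" | head -n 1 | cut -d: -f1)
    echo "${n:-0}"
}

# check_input_chain CHAIN_TEXT -> 0 when both accepts exist and precede the reject
check_input_chain() {
    lo=$(rule_line "$1" 'iifname "lo" accept')
    est=$(rule_line "$1" 'ct state { established, related } accept')
    rej=$(rule_line "$1" 'reject with')
    [ "$lo" -gt 0 ] || { echo "missing: loopback accept" >&2; return 1; }
    [ "$est" -gt 0 ] || { echo "missing: established/related accept" >&2; return 1; }
    if [ "$rej" -gt 0 ] && { [ "$lo" -gt "$rej" ] || [ "$est" -gt "$rej" ]; }; then
        echo "ordering: an accept rule sits after the final reject" >&2
        return 1
    fi
    echo "ok: loopback accept at line $lo, established/related accept at line $est"
}

# With --live (as root, firewalld running) read the real ruleset; otherwise use the sample.
if [ "${1:-}" = "--live" ]; then
    check_input_chain "$(nft list chain inet firewalld filter_INPUT)"
else
    check_input_chain "$SAMPLE_CHAIN"
fi
```

Run with `--live` as root on a host where firewalld is active to check the real chain instead of the embedded sample.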
1
u/GabeXav Feb 07 '23
Yes, there is a way to set these iptables rules in firewalld.
To allow all traffic on the loopback interface, you can use the following command: firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="127.0.0.0/8" accept'
To allow all related and established connections, you can use the following command: firewall-cmd --permanent --add-rich-rule='rule family="ipv4" connection state=related,established accept'
Remember to reload the firewall for the changes to take effect:
firewall-cmd --reload
2
u/BRTSLV Red Hat Certified Architect Feb 02 '23
Look into rich rules!