top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Firewalld - list tables?

0 votes
865 views

I have been looking at the new Fedora firewall 'firewalld' and the 'firewall-cmd' command. I'm currently running F17 on a PC with an F18 virtual machine, and have been trying to understand firewalld prior to
upgrading to Fedora 19.

The PC has a modified iptables. So I have been trying to see how to incorporate the changes into the new firewalld. I suspect I will need to use the 'firewall-cmd --direct' option to add the iptables rules (as I
see no other way of specifying on the rules source/destination addresses using 'firewall-cmd').

However, 'firewall-cmd' offers both the '--get-chains' and '--get-rules' options, but these both require specifying which table is to be used. How do I know what the tables are? There is no '--get-tables' option.
I can run 'cat /proc/net/ip_tables_names' and this lists the standard iptables tables (nat ,mangle, filter). But if I use these names with 'firweall-cmd' all I get is a blank line displayed. E.g.

 firewall-cmd --direct --get-chains ipv4 nat

The same occurs with all the table names.

So, my question is this, is 'firewall-cmd' working correctly and simply stating that none of the tables have any chains (and so no rules) Secondly, how do I find out what tables are defined for firewalld?

posted May 17, 2013 by anonymous

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

2 Answers

0 votes

yum info firewall-config

answer May 17, 2013 by anonymous
Yeah... I already have that installed so where does it tell me what tables are being used?
Yeah... I have a copy of that so where does it tell me what tables are being used?
firewall-cmd --get-active-zones

Thats what I have from a quick glance from that page. I don't use firewalld or Fedora.
cat The firewall daemon can not parse firewall rules added by the ip*tables and ebtables command line tools.

The daemon provides information about the current active firewall settings via D-BUS and also accepts changes via D-BUS using PolicyKit authentication methods
0 votes

since these are all wrapper around netfilter/iptables you get the truth with "iptables --list --numeric --verbose"

answer May 18, 2013 by anonymous
Similar Questions
+1 vote

I'd like to configure FirewallD to protect qemu/kvm host and maybe guests but the second one is not so important for me because each guest has it's own firewall.

What I don't understand is how FirewallD works with network bridges. Currently, I have bridge (br0) in trusted zone to allow as much traffic as possible, and p3p1 (which is NIC connected to switch) in public zone. When I put bridge in public zone I cut off networking from guests.

My question is, should I change rules on bridge or p3p1 and what is the correlation between them? What should I configure to pass networking traffic to guests but protect all ports on host system?

0 votes

When I try:

 ping -R www.google.com

I get:

PING www.google.com (173.194.113.112) 56(124) bytes of data.

but the list of nodes does not appear, and I wait for more than 5 minutes. traceroute www.google.com gives immediately the list of nodes.

This is fedora 18, iptables stopped (and flushed), firewalld stopped.Could it be somehow due to not flushing firewalld rules ? (I don't know much about firewalld)

+1 vote

We always see failures after doing; systemctl stop firewald followed by systemctl start firewalld. To clear the issue we seem to have to reboot the system.

...