Using Zones in Firewalld to Block Outbound Access

[TrevorH]

I don't see the point in leaving firewall* packages installed if you have switched to using iptables or nftables. It just creates confusion for anyone that comes along later and has to work out what's in use.

I'd just yum remove firewall\* and then read what it says it's going to do before replying Y.

[yildizabdullah]

Is there any side effect of leaving the state of the firewalld.service as it is?

Do show output of systemctl status firewalld

Code: Select all

# systemctl status firewalld
● firewalld.service
   Loaded: masked (/dev/null; bad)
   Active: inactive (dead)

Sep 13 22:24:17 centos7-server systemd[1]: Cannot add dependency job f....
Sep 13 22:24:17 centos7-server systemd[1]: Cannot add dependency job f....
Sep 13 22:24:17 centos7-server systemd[1]: Cannot add dependency job f....
Sep 13 22:24:17 centos7-server systemd[1]: Cannot add dependency job f....
Sep 13 22:24:17 centos7-server systemd[1]: Cannot add dependency job f....
Sep 13 22:24:17 centos7-server systemd[1]: Cannot add dependency job f....
Sep 13 22:24:18 centos7-server systemd[1]: Cannot add dependency job f....
Sep 13 22:24:18 centos7-server systemd[1]: Cannot add dependency job f....
Sep 13 22:24:20 centos7-server systemd[1]: Cannot add dependency job f....
Sep 13 22:36:37 centos7-server systemd[1]: Cannot add dependency job f....
Warning: firewalld.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Hint: Some lines were ellipsized, use -l to show in full.

[jlehtone]

You could run that systemctl daemon-reload as the output suggests.

The firewalld.service seems to be masked, so everything should be ok.


I do agree with Trevor that complete removal of FirewallD is the most clean option.

The removal of firewall* on CentOS 7 system probably removes:
firewall-applet, firewall-config, firewalld, firewalld-filesystem
and packages that require those, e.g.
anaconda-core, anaconda-gui, anaconda-tui, initial-setup, initial-setup-gui

The anaconda and initial-setup were used only on initial install of the system, so it should be ok to remove the firewalld.
Unless in your system some more important packages would get removed ...

[yildizabdullah]

You could run that systemctl daemon-reload as the output suggests.

The firewalld.service seems to be masked, so everything should be ok.


I do agree with Trevor that complete removal of FirewallD is the most clean option.

The removal of firewall* on CentOS 7 system probably removes:
firewall-applet, firewall-config, firewalld, firewalld-filesystem
and packages that require those, e.g.
anaconda-core, anaconda-gui, anaconda-tui, initial-setup, initial-setup-gui

The anaconda and initial-setup were used only on initial install of the system, so it should be ok to remove the firewalld.
Unless in your system some more important packages would get removed ...

Thank you for your support.