firewalld CONFIG dump

Issues related to configuring your network
warron.french
Posts: 515
Joined: 2014/03/27 20:21:58

firewalld CONFIG dump

Post by warron.french » 2020/09/01 19:54:38

What command can I run to execute a dump of the firewalld configurations to an ASCII text file, so that I can capture those details and then compare them to other firewalld configurations on other servers, and toss out the irrelevant differences?

My intent is to:
  1. see if someone or something is mucking with any firewalld settings on a given server, or
  2. confirm that servers, where appropriate, are meeting the standard of a given standard
Thanks,
War

jlehtone
Posts: 3044
Joined: 2007/12/11 08:17:33
Location: Finland

Re: firewalld CONFIG dump

Post by jlehtone » 2020/09/01 21:55:24

The "permanent" config of firewalld is all in files. XML text?

However, perhaps you want to compare the effective config, the actual netfilter rules that are in the kernel?
For that:


iptables -S
iptables -t nat -S
iptables -t mangle -S

warron.french
Posts: 515
Joined: 2014/03/27 20:21:58

Re: firewalld CONFIG dump

Post by warron.french » 2020/09/02 14:18:12

At jlehtone, actually I did want to know about the XML files. Can you help with that too, please?

What you have provided here will also be helpful to me; to ensure what is in files and what is in memory are jiving correctly as well.


Thanks again.
Thanks,
War

jlehtone
Posts: 3044
Joined: 2007/12/11 08:17:33
Location: Finland

Re: firewalld CONFIG dump

Post by jlehtone » 2020/09/02 15:15:45

The config is split into many files.
man firewalld describes/mentions default config and system config. Drop files to system to override the default.

There seem to be descriptions of the XML schemas. For example, see man firewalld.zone.

The firewall-cmd can also show "human-readable" summaries. For example:


sudo firewall-cmd --get-active-zones
sudo firewall-cmd --info-zone=public
sudo firewall-cmd --info-service=dhcpv6-client

KernelOops
Posts: 322
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: firewalld CONFIG dump

Post by KernelOops » 2020/09/02 20:39:50

firewalld persistent configuration is under /etc/firewalld/

for example, you'll find the zone rules under /etc/firewalld/zones/

you can easily compare xml files between servers, or even share them around.

warron.french wrote:
2020/09/02 14:18:12
At jlehtone, actually I did want to know about the XML files. Can you help with that too, please?
--
I love my computer - all my friends live there.
--
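Putting the two answers together (jlehtone's iptables -S dump of the effective rules and KernelOops's pointer to the XML under /etc/firewalld/), here is a small POSIX shell script that writes both into one ASCII snapshot and diffs it against a baseline or against another server's snapshot. This is an added example for the thread, not code from any of the posters or from the firewalld project. It assumes the permanent config lives under /etc/firewalld and that iptables and firewall-cmd exist on the real host; the zone XML inside demo() is constructed sample data, not real server configuration.

```shell
#!/bin/sh
# Snapshot firewalld state to ASCII and diff it against a baseline.
# Added example for this thread, not code from the posters or firewalld.
# Assumptions: permanent config lives under /etc/firewalld (as KernelOops
# says); iptables/firewall-cmd are present on the real host. The zone XML
# in demo() is constructed sample data, not real server configuration.
set -u

# Print every config file under $1 (default /etc/firewalld) as
# "=== relative/path ===" followed by its body, in a stable order, so two
# hosts' dumps line up in diff. Relative paths keep the dump host-neutral.
dump_permanent() {
    dir=${1:-/etc/firewalld}
    find "$dir" -type f \( -name '*.xml' -o -name '*.conf' \) \
        | LC_ALL=C sort | while IFS= read -r f; do
        printf '=== %s ===\n' "${f#$dir/}"
        cat "$f"
        printf '\n'
    done
}

# Effective rules as the kernel has them (the commands from jlehtone's post)
# plus firewalld's own zone summary. Tools that are not installed are skipped.
dump_runtime() {
    if command -v iptables >/dev/null 2>&1; then
        for t in filter nat mangle; do
            printf '=== iptables -t %s -S ===\n' "$t"
            iptables -t "$t" -S
        done
    fi
    if command -v firewall-cmd >/dev/null 2>&1; then
        printf '=== firewall-cmd --list-all-zones ===\n'
        firewall-cmd --list-all-zones
    fi
}

# Write permanent + runtime state to $1 and print the file's SHA-256, so the
# snapshot itself can later be checked for tampering (e.g. when stored off-host).
snapshot() {
    { dump_permanent "${2:-/etc/firewalld}"; dump_runtime; } > "$1"
    sha256sum "$1"
}

# Unified diff of two snapshots. Exit status follows diff: 0 identical,
# 1 drift found (the diff is what you review or alert on), 2 error.
compare_snapshots() {
    diff -u "$1" "$2"
}

# Offline demonstration: two constructed config trees, the second with an
# extra opened port, compared the same way two servers' snapshots would be.
demo() {
    base=$(mktemp -d) && cur=$(mktemp -d) || return 2
    mkdir -p "$base/zones" "$cur/zones"
    cat > "$base/zones/public.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
</zone>
EOF
    cat > "$cur/zones/public.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="4444"/>
</zone>
EOF
    dump_permanent "$base" > "$base/snap.txt"
    dump_permanent "$cur" > "$cur/snap.txt"
    compare_snapshots "$base/snap.txt" "$cur/snap.txt"
    rc=$?
    rm -rf "$base" "$cur"
    return "$rc"
}

# Usage: "sh fw-drift.sh snapshot /root/fw-baseline.txt" on a server (as root,
# so iptables -S works), copy the file off-host, and later run
# "sh fw-drift.sh compare fw-baseline.txt fw-today.txt" or compare two servers'
# files. "sh fw-drift.sh demo" runs the offline demonstration.
if [ $# -gt 0 ]; then
    case "$1" in
        snapshot) snapshot "$2" "${3:-/etc/firewalld}" ;;
        compare)  compare_snapshots "$2" "$3" ;;
        demo)     demo ;;
    esac
fi
```

The snapshot keeps rule order (a reordered ACCEPT/DROP pair is a real change, so it should show up in the diff) and uses paths relative to the config directory so that the same zone file on two hosts compares equal. Anything you decide is legitimately host-specific can then be filtered out of the diff with a grep -v, rather than hidden at collection time.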

Return to “CentOS 7 - Networking Support”