firewall-cmd rules conversion

Support for security such as Firewalls and securing linux

Post by discuduru » 2015/12/08 17:31:11

Hi; sorry for my bad English (Spanish and French help are welcome!)
At my school we have an old CentOS 5.8 with a system to prevent unauthorized access to the wireless, which is the DHCP server. This system was created by the old manager, who no longer works here. It creates a list of fixed IPs, each associated with a MAC address; if no match, no connection! Great job! This system creates a lot of iptables rules like this one, using a script:

$IPTABLES -A INPUT -m mac --mac-source c4:17:fe:b3:ae:75 -s 192.168.2.247 -i $ETH_WIFI -j ACCEPT

Question 1: how to recreate these rules with firewall-cmd?
And if possible, is there another system to make the same control?

Thanks a lot.
PS: I am not an expert, as you can suppose. Thank you.
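
The rule format quoted in the post above, expressed through firewalld's direct interface (`firewall-cmd --direct --add-rule`), which accepts iptables match arguments. This is an added example, not part of the original thread; the function name `gen_direct_rules`, the "MAC IP" list format and the interface name `wlan0` (standing in for `$ETH_WIFI`) are assumptions.

```shell
#!/bin/sh
# Added example: print firewalld "direct" commands equivalent to the
# per-client iptables rules in the post. Nothing is executed; review the
# output, run it as root, then run "firewall-cmd --reload".

# gen_direct_rules IFACE
#   stdin: one "MAC IP" pair per line; blank lines and "#" comments skipped.
#   Returns 1 if any line was rejected, 0 otherwise.
gen_direct_rules() {
    iface=$1
    rc=0
    while read -r mac ip rest; do
        case $mac in ''|'#'*) continue ;; esac
        # Reject anything that is not six colon-separated hex octets.
        if ! printf '%s\n' "$mac" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
            echo "rejected: bad MAC '$mac'" >&2
            rc=1
            continue
        fi
        # Shape check only (dotted quad); octet ranges are not verified.
        if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
            echo "rejected: bad IP '$ip' for $mac" >&2
            rc=1
            continue
        fi
        # Same matches as the iptables rule: source MAC + source IP + interface.
        printf 'firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m mac --mac-source %s -s %s -i %s -j ACCEPT\n' \
            "$mac" "$ip" "$iface"
    done
    return $rc
}

# Demo input: first pair is the one from the post, second is constructed.
gen_direct_rules wlan0 <<'EOF'
# MAC               IP
c4:17:fe:b3:ae:75   192.168.2.247
00:11:22:33:44:55   192.168.2.10
EOF
```

These rules only accept matching clients; the "no match, no connection" behaviour still depends on whatever drop rule or policy the original script ends with, which the post does not show.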


Post by TrevorH » 2015/12/08 17:43:16

You don't have to use firewalld on CentOS 7, you can disable it and install the iptables service and use that instead.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke


Post by discuduru » 2015/12/08 17:49:04

Thanks for the reply. I have read about this solution, but I'm very confused because many places say that this is not convenient. I have read that using iptables instead is simply...
I don't know what to do!


Post by TrevorH » 2015/12/08 17:51:03

Yes, but if your current solution is based around using iptables directly then firewalld is going to need a huge conversion effort, so just removing it and using the old style iptables service will fix that issue.

Post by discuduru » 2015/12/08 17:58:08

So, will there be any problem in the future with new releases? Will iptables always be there in CentOS?


Post by TrevorH » 2015/12/08 18:07:07

I can't make promises about what will be in future releases because only Red Hat knows. However, since firewalld is only a front-end to iptables in the first place and manipulates and controls the running rules, I suspect it would be difficult to remove iptables without also breaking firewalld!

Post by discuduru » 2015/12/08 18:21:00

OK, thanks for your help, will remove firewalld and try.
Ciao
