[ SOLVED ] Firewalld 0.6.3 - unable to change backend to iptables

Support for security such as Firewalls and securing linux
Post Reply
User avatar
Errosion
Posts: 43
Joined: 2014/12/03 19:58:02

[ SOLVED ] Firewalld 0.6.3 - unable to change backend to iptables

Post by Errosion » 2019/10/29 19:06:05

Hello,

I am working on a C7.7 platform running firewalld 0.6.3.

Firewalld 0.6.3 is what is available on the C7 repos.

I recently was working on installing Kubernetes and there was a section in the kubeadm install where it referenced changing the backend of firewalld to be iptables instead of nftables. Doing some research, that seemed a pretty straightforward thing. Just add the "FirewallBackend" option to /etc/firewalld/firewalld.conf.

Except that when I do that, I proceed to get an error in /var/log/messages

ERROR: Invalid option: 'FirewallBackend=iptables'

Doing some digging on firewalld, it says that this option should be available after firewalld versions 0.6.0. So 0.6.3 should have that optioning. But it does not seem to. Even looking at the man pages for 0.6.3, there is no section for the "FirewallBackend" option.

I must be missing something. (And it is probably pretty obvious)

Any help/suggestions would be appreciated.
Last edited by Errosion on 2019/10/29 19:27:05, edited 1 time in total.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Firewalld 0.6.3 - unable to change backend to iptables

Post by TrevorH » 2019/10/29 19:08:02

Mainly you're missing the fact that it doesn't use nftables on CentOS 7 in the first place. CentOS 7 uses iptables both if using firewalld and if using iptables-services.

nftables is a new thing since CentOS 7 first came out in 2014. It's in the CentOS 7 repos but it's marked as "Tech Preview" upstream in RHEL which is code for "if you use this, you get to keep all the pieces".
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

User avatar
Errosion
Posts: 43
Joined: 2014/12/03 19:58:02

Re: [ SOLVED ] Firewalld 0.6.3 - unable to change backend to iptables

Post by Errosion » 2019/10/29 19:27:47

Well. That would explain it then...

Thanks!

Post Reply