On Jan 21, 2015, at 9:45 AM, Jorick Astrego
<j.astrego(a)netbulae.eu> wrote:
Hi,
In the quickstart guide we have the iptables rules for a Fedora 19 host,
but currently we run firewalld on the host (CentOS 7).
I've converted the rules to a service xml for the zone but I can't
figure out the firewalld translation for "-A FORWARD -m physdev !
--physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited".
Anyone know how to do this in firewalld?

DISCLAIMER: I am just a lowly user of oVirt/RHEL/Fedora.
You can do almost anything you can do with iptables by using the passthrough option,
although you have to make sure the rules fit the underlying iptables policy firewalld
generates (by inspecting it afterwards).
The following should work:
    firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat
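
An added example, not part of the original messages: a shell helper for the "inspecting it afterwards" step in the reply, which reads `iptables -S FORWARD` output and reports whether the bridged-traffic ACCEPT sits ahead of the first REJECT/DROP in that chain. The function name and the two rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables -S FORWARD` style
# output on stdin and prints one of:
#   ok       - a "-m physdev --physdev-is-bridged -j ACCEPT" rule precedes
#              the first REJECT/DROP rule in FORWARD
#   shadowed - the ACCEPT exists but a REJECT/DROP comes first
#   missing  - no such ACCEPT rule in FORWARD
# Limitation: only the FORWARD chain itself is examined; rules inside
# chains it jumps to are not followed.
check_bridged_accept() {
    awk '
        /^-A FORWARD / {
            n++
            # Skip the negated form ("! --physdev-is-bridged").
            if (!acc && $0 ~ /--physdev-is-bridged/ &&
                $0 !~ /! --physdev-is-bridged/ && $0 ~ /-j ACCEPT/) acc = n
            if (!rej && $0 ~ /-j (REJECT|DROP)/) rej = n
        }
        END {
            if (!acc) print "missing"
            else if (rej && rej < acc) print "shadowed"
            else print "ok"
        }'
}

# Constructed sample: the ACCEPT was inserted at the top with -I.
SAMPLE_OK='-P FORWARD ACCEPT
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample: the ACCEPT was appended and lands after the REJECT.
SAMPLE_SHADOWED='-P FORWARD ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT'

printf '%s\n' "$SAMPLE_OK" | check_bridged_accept
printf '%s\n' "$SAMPLE_SHADOWED" | check_bridged_accept

# On a live host (as root), after reloading firewalld:
#   iptables -S FORWARD | check_bridged_accept
```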