Enable Firewalld Rules on Kickstart
To enable firewall rules from a kickstart file, use the firewall-offline-cmd command. Its man page describes it as follows:
FIREWALL-OFFLINE-C(1) firewall-offline-cmd FIREWALL-OFFLINE-C(1)
NAME
firewall-offline-cmd - firewalld offline command line client
SYNOPSIS
firewall-offline-cmd [OPTIONS...]
DESCRIPTION
firewall-offline-cmd is an offline command line client of the firewalld daemon. It should be used only if the firewalld service is not running. For example to migrate from system-config-firewall/lokkit or in the install environment to configure firewall settings with kickstart.
Some lokkit options can not be automatically converted for firewalld, they will result in an error or warning message. This tool tries to convert as much as possible, but there are limitations for example with custom rules, modules and masquerading.
Check the firewall configuration after using this tool.
OPTIONS
If no options are given, configuration from /etc/sysconfig/system-config-firewall will be migrated.
For sequence options, these are the options that can be specified multiple times, the exit code is 0 if there is at least one item that succeeded. The ALREADY_ENABLED (11), NOT_ENABLED (12) and also ZONE_ALREADY_SET (16) errors are treated as succeeded. If there are issues while parsing the items, then these are treated as warnings and will not change the result as long as there is a succeeded one. Without any succeeded item, the exit code will depend on the error codes. If there is exactly one error code, then this is used. If there are more than one then UNKNOWN_ERROR (254) will be used.
Example: add a port to the default zone
firewall-offline-cmd --port=3333:tcp
Example: add a service
firewall-offline-cmd --service=dns