Firewalld module would be happier if it could create forwarding rules

Currently, there's no way to create or display forwarding rules in the firewalld module.

They're pretty easy to work with (though I'm still wrapping my head around which zone to put the damned things in). In short:

# firewall-cmd --permanent --zone=public --add-forward-port=port=2222:proto=tcp:toport=22:toaddr=192.168.1.100

Which would forward port 2222 on interfaces in the public zone to port 22 on local IP 192.168.1.100.

To get a list of forwarded ports:

# firewall-cmd --zone=public --list-forward-ports

As far as I can tell, there is no way to get a list of all forwarded ports, but we only display the currently selected zone, anyway...so, it'd probably work the same way. Just put it into another table underneath the open ports/services, maybe.

This kind of rule is super useful in Cloudmin systems, as any testing/devel system could be on a private IP and ports could be forwarded relatively easily (I do it all the time on srv1 for testing Virtualmin installs).

Status: Closed (fixed)
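
The report above notes that firewall-cmd lists forward ports for one zone at a time. As an added example (not part of the original report and not Webmin's code), this script walks every zone and flattens the rules into one table, which is handy when auditing which ports relay traffic to other hosts. The function names and sample rules are constructed, and it assumes the `port=...:proto=...:toport=...:toaddr=...` entry format shown in the command above.

```shell
#!/bin/sh
# Added example: list forward-port rules for every zone, not just the selected one.

# Read --list-forward-ports output on stdin; print "zone port proto toport toaddr".
# An empty toport means the same port; an empty toaddr means this host ("local").
parse_forward_ports() {
    zone=$1
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        port= proto= toport= toaddr=
        case $line in
            *:toaddr=*)            # toaddr is last and may be IPv6, so cut it off first
                toaddr=${line##*:toaddr=}
                line=${line%%:toaddr=*} ;;
        esac
        old_ifs=$IFS; IFS=:
        for kv in $line; do
            case $kv in
                port=*)   port=${kv#port=} ;;
                proto=*)  proto=${kv#proto=} ;;
                toport=*) toport=${kv#toport=} ;;
            esac
        done
        IFS=$old_ifs
        printf '%s %s %s %s %s\n' "$zone" "$port" "$proto" \
            "${toport:-$port}" "${toaddr:-local}"
    done
}

# Keep only rules that relay traffic to another machine (parsed rows on stdin).
forwards_to_other_hosts() { awk '$5 != "local"'; }

# Query every zone; extra arguments (e.g. --permanent) go to firewall-cmd.
list_all_forward_ports() {
    for z in $(firewall-cmd --get-zones); do
        firewall-cmd "$@" --zone="$z" --list-forward-ports | parse_forward_ports "$z"
    done
}

# Constructed sample output (hypothetical rules, not from a real host).
SAMPLE='port=2222:proto=tcp:toport=22:toaddr=192.168.1.100
port=8080:proto=tcp:toport=80:toaddr=
port=53:proto=udp:toport=:toaddr=fd00::10'

if [ "${1:-}" = "live" ]; then      # "live" queries the running firewalld
    shift; list_all_forward_ports "$@"
else
    printf '%s\n' "$SAMPLE" | parse_forward_ports public
fi
```

Run it with `live --permanent` as root to read the saved configuration of a real host; without arguments it only parses the constructed sample.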

Comments

This should be do-able ... I'll look into adding it for the next Webmin release.

This has been implemented for inclusion in the next Webmin release.

Status: Active » Fixed
Submitted by fakemoth on Sun, 06/25/2017 - 23:49

I would also love to see the firewalld module developed a little. It is nowhere near the iptables one :)

Any chance to have proper rich rules? Those don't even appear if you custom add something.

Maybe ... although I feel that if you want all the power of iptables, you might as well just use the iptables module.

Submitted by fakemoth on Tue, 06/27/2017 - 03:12

Please consider it, as it is the default firewall in CentOS/RHEL, as you surely know - when you've got the time and (if you) feel like it. Firewalld has all, at least the usual features iptables has.

Got nothing against iptables, what is there to say, but I for myself am trying to stay with the RHEL trend. Otherwise I should probably go "Devuan" :D Which stands for an ancient curse against the systemd blasphemers, and of course that went just fine for them and the Debian users :D

I think CentOS has the option to switch to iptables as an alternative to firewalld though, right?

Anyway, I do have an entry on my todo list to improve firewalld support, so these features will come eventually.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.