system-config-firewall, replacement?

[AStaleyUK]

I've just completed a fresh install of CentOS7 to do some testing with native PostgreSQL and one of the things I've done in the past is install "system-config-firewall" to allow me to easily setup the firewall and allow ports. CentOS7 will allow me to install this via yum but when I run the command it tells me "ERROR: FirewallD is active, please use firewall-cmd.". I'm not familiar with firewall-cmd, is there something available with a user interface of some description. CentOS7 is setup command line only, but with system-config-firewall it at least gave you an ASCI output to work with.

Thanks in advance.

[AStaleyUK]

Having looked around I've come to the conclusion that such a program doesn't currently exist for CentOS7 (hadn't realised how recently it had been released). I came across https://fedoraproject.org/wiki/FirewallD which looks to give a good explanation of FirewallD, from this I've been able to setup a Zone with the access I need and assign it to the network interface.

[drk]

This https://access.redhat.com/documentation ... walls.html describes how to switch back to system-config-firewall if you want. I'd spend the time to figure out the firewalld stuff though.

[Super Jamie]

It's called firewall-config, it's in the menu under Firewall

[TrevorH]

firewall-config is GUI only though and the OP is looking for an ncurses type program

[Super Jamie]

Ohhh I see.

There is no ncurses equivalent, however man firewall-cmd explans the commandline app well, and it's really good once you learn to use it.

[screwballl]

Some people do not want to use the new tools when the old ones work very well.

So disable firewalld

yum install iptables-services

add the rules and then

service iptables start

I can understand when there are specialized specific uses for firewalld, but to force it on everyone by default is less than desired.... With the ease of iptables blocking everything except what you want, most of us want and need and use iptables. No need to learn zones or another 5000 lines of code, just to learn how to enter a simple command.

Of course with CentOS being taken over by RH instead of just being a distro based on it, we can expect a lot more of these types of events over the next few years.

[TrevorH]

Of course with CentOS being taken over by RH instead of just being a distro based on it, we can expect a lot more of these types of events over the next few years.

CentOS has always reproduced what upstream produces with the only changes made being to remove branding and copyright materials.

[screwballl]

Of course with CentOS being taken over by RH instead of just being a distro based on it, we can expect a lot more of these types of events over the next few years.

CentOS has always reproduced what upstream produces with the only changes made being to remove branding and copyright materials.

True, but now CentOS is being bought out and run by RH, not just a fork or tree based on RH but with its own flavor.

[vonskippy]

True, but now CentOS is being bought out and run by RH, not just a fork or tree based on RH but with its own flavor.

No and No, what part of BINARY CLONE is unclear to you?

It's not a fork.

It's not "based" on a tree.

It's an EXACT CLONE minus the branding.