Below we demonstrate three common methods for converting iptables rules into firewalld direct rules. Our example converts one iptables rule, as output by the iptables-save command:
:LOG_TEST_NEW - [0:0]
-A LOG_TEST_NEW -m limit --limit 2/min -j LOG --log-prefix "New Connection"
The example rule produces at most two log entries per minute (the limit match); each entry is prefixed with the string "New Connection".
Using The firewalld GUI (Applications -> Sundry -> Firewall)
1. Create a Rule Chain
2. Add the Rule and bind it to the Rule Chain
Using The firewall-cmd Command Line
# firewall-cmd --direct --add-chain ipv4 filter LOG_TEST_NEW
# firewall-cmd --direct --add-rule ipv4 filter LOG_TEST_NEW 0 -m limit --limit 2/min -j LOG --log-prefix 'New Connection' --log-level 4
success
Editing The /etc/firewalld/direct.xml Ruleset
# cat /etc/firewalld/direct.xml
<?xml version="1.0" encoding="utf-8"?>
<direct>
  <chain table="filter" ipv="ipv4" chain="LOG_NEW" />
  <rule priority="0" table="filter" ipv="ipv4" chain="LOG_NEW">
    -m limit --limit 2/min -j LOG --log-prefix 'New Connection' --log-level 4
  </rule>
</direct>
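To automate what the three methods above do by hand, here is an added shell helper (not code from the original article) that reads iptables-save output and prints the equivalent firewall-cmd --direct commands. It assumes IPv4 rules and adds --permanent so the result matches editing direct.xml rather than the runtime-only commands shown above; the function name and the sample input are constructed for this example.

```shell
# iptables2direct: read iptables-save output on stdin and print the
# firewall-cmd --direct command for every user-defined chain and every
# rule. Assumes IPv4 rules (ipv4 is hard-coded) and emits --permanent so
# the result matches editing direct.xml rather than runtime-only state.
iptables2direct() {
  table=filter                          # iptables-save defaults to filter
  while IFS= read -r line; do
    case "$line" in
      '*'*)                             # "*filter": table header
        table=${line#\*} ;;
      ':'*)                             # ":LOG_TEST_NEW - [0:0]": chain header
        chain=${line#:}
        chain=${chain%% *}
        case "$chain" in
          INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING)
            ;;                          # built-in chains already exist
          *)
            printf 'firewall-cmd --permanent --direct --add-chain ipv4 %s %s\n' \
              "$table" "$chain" ;;
        esac ;;
      '-A '*)                           # "-A CHAIN <matches> -j TARGET": rule
        rest=${line#-A }
        chain=${rest%% *}
        case "$rest" in
          *' '*) args=${rest#* } ;;     # everything after the chain name
          *)     args= ;;               # a rule with no match/target (rare)
        esac
        printf 'firewall-cmd --permanent --direct --add-rule ipv4 %s %s 0 %s\n' \
          "$table" "$chain" "$args" ;;
      *) ;;                             # COMMIT, comments, counters: skip
    esac
  done
}

# Constructed sample input: the article's rule as iptables-save prints it.
sample='*filter
:INPUT ACCEPT [0:0]
:LOG_TEST_NEW - [0:0]
-A LOG_TEST_NEW -m limit --limit 2/min -j LOG --log-prefix "New Connection"
COMMIT'

# Print the commands; pipe them into sh to apply, then run firewall-cmd --reload.
printf '%s\n' "$sample" | iptables2direct
```

The generated LOG chain only sees traffic once some rule jumps to it (for example from INPUT), exactly as with the hand-written versions above; include that jump rule in the input or add it separately.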