On 12/30/2014 04:02 PM, Peter Boy wrote:
>> Am 30.12.2014 um 12:17 schrieb Karel Lang AFD <[log in to unmask]>:
>>
>> Hi,
>> i already installed couple of SL7 boxes and i have to say, that the menitoned 'firewalld' is the new feature that i like the least.
>>
>> What i do is, i just remove 'firewalld' and install 'iptables'. There i know what to do and there i could help you. But not with this.
>> Firewalld is ugly (imho).
>>
>
>
> I agree that firewalld by far is not the best feature of EL7, at least at the moment. And reading the maintainer’s comment on TUV bugzilla about firewall zone being a matter of NetworkManager and not of firewall I doubt the concept behind that implementation.
>
> I tried iptables, but "systemctl status iptables" indicates again that the process is indeed active, but has terminated. And fail2bain requires firewalld and does not cooperate with iptables anymore. So I suppose I’m stuck with firewalld for now.

That is normal for iptables - the service runs once to configure the 
rules, then it is done:

iptables.service - IPv4 firewall with iptables
    Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled)
    Active: active (exited) since Mon 2014-12-22 17:34:33 UTC; 1 weeks 1 
days ago
  Main PID: 7141 (code=exited, status=0/SUCCESS)
    CGroup: /system.slice/iptables.service

You can also remove fail2ban-firewalld (and fireawalld) to remove the 
default fail2ban firewalld configuration, and use the iptables actions.

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA/CoRA Division                    FAX: 303-415-9702
3380 Mitchell Lane                  [log in to unmask]
Boulder, CO 80301              http://www.cora.nwra.com