SCIENTIFIC-LINUX-USERS Archives

June 2016

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Stephan Wiesand <[log in to unmask]>
Reply To: Stephan Wiesand <[log in to unmask]>
Date: Thu, 23 Jun 2016 17:30:57 +0200
Content-Type: text/plain

> On 23 Jun 2016, at 14:45, Ken Teh <[log in to unmask]> wrote:
> 
> I'm trying to set up NAT on an SL7x machine.  I know how to do it via
> iptables but am a little hesitant because of firewalld.
> 
> It's obvious from the lack of /etc/sysconfig/iptables that iptables
> configuration is stored elsewhere probably in several xml files.

Just in case: after

yum install iptables-services
systemctl mask firewalld.service
systemctl enable iptables.service

things are back to what they were before firewalld.

> I'm going to try to do it via 'firewall-cmd --direct' in the hopes that
> my reconfiguration is stored across reboots.
> 
> I dumped out the nat table.  There are several chains that did not exist
> in SL6x.  They appear to be stubs.  Does anyone know what their intended
> purpose is?  For example, my default zone is 'work' and I see among
> others, POST_work, POST_work_log, POST_work_deny, POST_work_allow, etc.
> 
> The POSTROUTING chain also contains several targets with explicit rules
> on 192.168.122.0/24.  Googling says they are libvirt related.  I suppose
> I could retain them.  Does anyone know if things will break if I delete
> them?  It's a NAT gateway, not a virtualization server.

-- 
Stephan Wiesand
DESY - DV -
Platanenallee 6
15738 Zeuthen, Germany
