I'm migrating from iptables to firewalld, using Centos 7.
In the old times, I used to write the (permanent) iptables rules in /etc/sysconfig/iptables, which also served to place comments prepended by # (to remind us why we restricted this or that IP, etc.).
Now, it seems that the current (permanent) configuration is read from /etc/firewalld/ files (especially /etc/firewalld/zones/*.xml). I guess I could add XML comments there, but it seems the good practice is not to edit those files directly but via firewall-cmd (no?).
Hence, I'm not sure which is the standard or recommended way to add comments to the rules.
Any suggestions?
Edited: For the record, I've verified that XML comments do not survive firewall-cmd modifications.
Best Answer
In the firewall-cmd man page there is a section on Direct Options that allows you to pass raw iptables parameters, so you could do something like:
firewall-cmd --direct --add-rule ipv4 <table> <chain> <priority> <args> -m comment --comment "<some comment>"
Although, as Michael Hampton said, probably not the best thing.
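The following is an added example, not part of the original question or answer. It takes the direct-rule approach from the answer one step further: since comments in the zone XML do not survive firewall-cmd, the script itself becomes the place where the reason for each rule lives (as # comments, like the old /etc/sysconfig/iptables), and the same reason is also pushed into the kernel rule through the iptables comment match so it is visible in iptables -L -n -v and in firewall-cmd --direct --get-all-rules. It assumes a CentOS 7 firewalld using the iptables backend (so the xt_comment match is available); the FIREWALL_CMD override, the helper names, the ticket reference and the TEST-NET addresses are all constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Keeps commented firewalld
# direct rules in one versioned script that is re-run to (re)apply them.
# Assumes CentOS 7 firewalld with the iptables backend.

# FIREWALL_CMD is a hypothetical override so the script can be dry-run,
# e.g. FIREWALL_CMD=echo ./fwrules.sh apply
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# add_commented_rule COMMENT CHAIN PRIORITY ARGS...
# Adds a permanent IPv4 filter-table direct rule whose args end with
# "-m comment --comment COMMENT". The comment is stored in the kernel rule
# itself, so it survives reloads and is shown by iptables -L -n -v.
add_commented_rule() {
    comment=$1; chain=$2; priority=$3
    shift 3
    # The xt_comment match accepts at most 256 characters; refuse longer
    # ones here instead of letting iptables reject them later.
    if [ "${#comment}" -gt 256 ]; then
        echo "comment too long (>256 chars): $comment" >&2
        return 1
    fi
    "$FIREWALL_CMD" --permanent --direct --add-rule ipv4 filter \
        "$chain" "$priority" "$@" -m comment --comment "$comment"
}

# The rule set. The "why" is kept next to each rule as a shell comment and
# repeated, in short form, as the iptables comment. Sample data is
# constructed (TEST-NET addresses, made-up ticket id).
apply_rules() {
    # 2015-03-10: repeated SSH brute force from this host, see ticket SEC-42
    add_commented_rule "SEC-42 ssh brute force" INPUT 0 \
        -s 203.0.113.5 -p tcp --dport 22 -j DROP || return 1

    # The monitoring host may poll SNMP; nobody else
    add_commented_rule "monitoring host SNMP" INPUT 1 \
        -s 198.51.100.7 -p udp --dport 161 -j ACCEPT || return 1

    # Make the permanent direct rules active in the running firewall
    "$FIREWALL_CMD" --reload
}

# Only apply when explicitly asked, so the file can also be sourced.
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

After running it with the apply argument, iptables -L INPUT -n -v prints each rule with its /* comment */, and firewall-cmd --permanent --direct --get-all-rules lists the rules together with their -m comment --comment arguments, so the reason travels with the rule rather than with a file firewall-cmd may rewrite.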