HI Eric!
According to unconfirmed rumors, Eric has a very good and hot line to RedHat. ;)
Maybe he can pass on my wish and suggestion to the developers. O.K. what is it about? I have been a loyal customer for many years and have been a loyal “customer since CentOS7 times”. What I miss in firewalld and especially in firewall-cmd is a kind of fulldump backup and restore functionality. Something like:
firewall-cmd --backup backup-file.back
firewall-cmd --restore backup-file.back
Why all this? Well, for one thing, it would be an adequate way to regularly back up the running firewall rules. And if you restore a previously backed up firewall configuration, this would be a very simple and smooth process. OK, alternatively, I just have to continue to back up the XML files from /etc/firewalld using Ansible and store them in the inventory so that I can deploy them to a host later via ansible.
Or have I overlooked something and the whole thing already exists and I'm worrying about nothing?
Best regards,
08.10.2024 16:13, Bastard Operator from Hell aka Django via firewalld-users wrote:
HI Eric!
According to unconfirmed rumors, Eric has a very good and hot line to RedHat. ;)
Maybe he can pass on my wish and suggestion to the developers. O.K. what is it about? I have been a loyal customer for many years and have been a loyal “customer since CentOS7 times”. What I miss in firewalld and especially in firewall-cmd is a kind of fulldump backup and restore functionality. Something like:
https://github.com/firewalld/firewalld/issues/1050
firewall-cmd --backup backup-file.back
firewall-cmd --restore backup-file.back
Why all this? Well, for one thing, it would be an adequate way to regularly back up the running firewall rules. And if you restore a previously backed up firewall configuration, this would be a very simple and smooth process. OK, alternatively, I just have to continue to back up the XML files from /etc/firewalld using Ansible and store them in the inventory so that I can deploy them to a host later via ansible.
Well, it is perfectly valid approach. After all, fancy commands just pretty print XML files.
Or have I overlooked something and the whole thing already exists and I'm worrying about nothing?
Best regards,
On Tue, Oct 08, 2024 at 08:00:01PM +0300, Andrei Borzenkov via firewalld-users wrote:
08.10.2024 16:13, Bastard Operator from Hell aka Django via firewalld-users wrote:
HI Eric!
According to unconfirmed rumors, Eric has a very good and hot line to RedHat. ;)
It's true.
Maybe he can pass on my wish and suggestion to the developers. O.K. what is it about? I have been a loyal customer for many years and have been a loyal “customer since CentOS7 times”. What I miss in firewalld and especially in firewall-cmd is a kind of fulldump backup and restore functionality. Something like:
This bug is a bit different because it's about show the "active" config in the CLI. Which is not something you can feed back into firewalld to "restore".
Please file an upstream bug. If you're a RHEL customer then please file a feature enhancement with RHEL.
firewall-cmd --backup backup-file.back
firewall-cmd --restore backup-file.back
Why all this? Well, for one thing, it would be an adequate way to regularly back up the running firewall rules. And if you restore a previously backed up firewall configuration, this would be a very simple and smooth process. OK, alternatively, I just have to continue to back up the XML files from /etc/firewalld using Ansible and store them in the inventory so that I can deploy them to a host later via ansible.
Well, it is perfectly valid approach. After all, fancy commands just pretty print XML files.
Indeed. Any backup/restore functionality would basically just zip up the /etc/firewalld directory.
Or have I overlooked something and the whole thing already exists and I'm worrying about nothing?
You're not overlooking anything.
firewalld-users@lists.fedorahosted.org