This was the closest I could find: https://serverfault.com/questions/1003201/list-runtime-only-changes-in-firew... but the suggestion leaves a lot of possible changes out.
Am I missing a flag or some other obvious display of a diff runtime from permanent firewalld config? (i.e display what --runtime-to-permanent would change)
Thanks!
On Fri, Sep 17, 2021 at 04:13:04AM -0000, Adam Chasen wrote:
> This was the closest I could find: https://serverfault.com/questions/1003201/list-runtime-only-changes-in-firew... but the suggestion leaves a lot of possible changes out.
> Am I missing a flag or some other obvious display of a diff runtime from permanent firewalld config? (i.e display what --runtime-to-permanent would change)
You're not missing anything. There is no easy way to diff the runtime and permanent configurations.
--On Friday, September 17, 2021 2:55 PM -0400 Eric Garver egarver@redhat.com wrote:
> On Fri, Sep 17, 2021 at 04:13:04AM -0000, Adam Chasen wrote:
>> This was the closest I could find: https://serverfault.com/questions/1003201/list-runtime-only-changes-in-firewalld but the suggestion leaves a lot of possible changes out.
>> Am I missing a flag or some other obvious display of a diff runtime from permanent firewalld config? (i.e display what --runtime-to-permanent would change)
> You're not missing anything. There is no easy way to diff the runtime and permanent configurations.
Another approach would be to build a chroot and run --runtime-to-permanent to save the runtime state into the chroot. Then pop back out of the chroot and "diff -r /etc/firewalld /tmp/firewalld-chroot-$$/etc/firewalld" to see what changed. This assumes that the dump honors the chroot and isn't executed by a background service whose root you can't change.
firewalld-users@lists.fedorahosted.org
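
An added example, not from any poster in this thread or from the firewalld project: instead of the chroot approach, it queries both configurations through `firewall-cmd` and reports per-zone entries that differ. It covers zone settings only, and the `FWCMD` override and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example, not firewalld code: report zone entries that differ between
# the runtime and permanent configuration. Zone settings only; direct rules,
# ipsets, policies and service definitions are not compared.

# Assumption: FWCMD exists only so a stub can stand in for firewall-cmd.
FWCMD="${FWCMD:-firewall-cmd}"

# Zone queries compared. Each prints a space-separated list, except
# --list-rich-rules, which prints one rule per line.
FW_KINDS="services ports protocols source-ports icmp-blocks sources rich-rules"

# fw_list ZONE KIND [--permanent]: print one sorted entry per line.
fw_list() {
    if [ "$2" = rich-rules ]; then
        $FWCMD $3 --zone="$1" --list-"$2" 2>/dev/null
    else
        $FWCMD $3 --zone="$1" --list-"$2" 2>/dev/null | tr -s ' ' '\n'
    fi | sed '/^$/d' | sort
}

# fw_zone_drift: print "+" for entries present only at runtime (what
# --runtime-to-permanent would add) and "-" for entries present only in the
# permanent config (what it would drop). Returns 1 on drift, 0 otherwise.
fw_zone_drift() {
    fwd_tmp=$(mktemp -d) || return 2
    fwd_rc=0
    fwd_zones=$({ $FWCMD --get-zones; $FWCMD --permanent --get-zones; } \
        2>/dev/null | tr -s ' ' '\n' | sort -u)
    for fwd_zone in $fwd_zones; do
        for fwd_kind in $FW_KINDS; do
            fw_list "$fwd_zone" "$fwd_kind" > "$fwd_tmp/run"
            fw_list "$fwd_zone" "$fwd_kind" --permanent > "$fwd_tmp/perm"
            comm -23 "$fwd_tmp/run" "$fwd_tmp/perm" |
                sed "s|^|+ $fwd_zone $fwd_kind: |"
            comm -13 "$fwd_tmp/run" "$fwd_tmp/perm" |
                sed "s|^|- $fwd_zone $fwd_kind: |"
            cmp -s "$fwd_tmp/run" "$fwd_tmp/perm" || fwd_rc=1
        done
    done
    rm -rf "$fwd_tmp"
    return "$fwd_rc"
}
```

Source the file and call `fw_zone_drift` on a host running firewalld; a non-zero exit status means at least one compared zone setting differs.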