[ SOLVED ] Firewalld 0.6.3 - unable to change backend to iptables

Posted: 2019/10/29 19:06:05
by Errosion
Hello,

I am working on a C7.7 platform running firewalld 0.6.3.

Firewalld 0.6.3 is what is available on the C7 repos.

I recently was working on installing Kubernetes and there was a section in the kubeadm install where it referenced changing the backend of firewalld to be iptables instead of nftables. Doing some research, that seemed a pretty straightforward thing. Just add the "FirewallBackend" option to /etc/firewalld/firewalld.conf.

Except that when I do that, I proceed to get an error in /var/log/messages:

ERROR: Invalid option: 'FirewallBackend=iptables'

Doing some digging on firewalld, it says that this option should be available after firewalld version 0.6.0. So 0.6.3 should have that option. But it does not seem to. Even looking at the man pages for 0.6.3, there is no section for the "FirewallBackend" option.

I must be missing something. (And it is probably pretty obvious)

Any help/suggestions would be appreciated.

Re: Firewalld 0.6.3 - unable to change backend to iptables

Posted: 2019/10/29 19:08:02
by TrevorH
Mainly you're missing the fact that it doesn't use nftables on CentOS 7 in the first place. CentOS 7 uses iptables both if using firewalld and if using iptables-services.

nftables is a new thing since CentOS 7 first came out in 2014. It's in the CentOS 7 repos but it's marked as "Tech Preview" upstream in RHEL which is code for "if you use this, you get to keep all the pieces".

Re: [ SOLVED ] Firewalld 0.6.3 - unable to change backend to iptables

Posted: 2019/10/29 19:27:47
by Errosion
Well. That would explain it then...

Thanks!