Today I learned that firewalld will silently fail when you run docker, because of NetworkManager and dbus cancer
What are some good alternatives for firewalld and NetworkManager? Running CentOS; ufw and shorewall are in the repos.
https://github.com/moby/moby/issues/16137
learn iptables like a real man
>>60036535
that's not webscale, dipshit
>>60035653
Docker's the real cancer.
>>60036718
then configure it with ansible or salt or chef or something like that
Learning iptables isn't even that hard. -A for append, -I for insert and -D for delete, then --dport 22 for ssh or whatever; --proto tcp is self-explanatory; -j ACCEPT or -j DROP based on whether you want to allow it or not. netfilter will run down the rules in the table from top to bottom until one matches. So insert a few accept rules at the top, then append a catch-all -j DROP at the end. Add your stuff for allowing already-established connections and you're good. Only table you need is INPUT, or -j DNAT if you know what you're doing. iptables is easy as fuck and we've already determined that firewalld sucks dick.
>>60037005
OP here, I will be looking into this. It doesn't indeed look too difficult.
But any replacement for that bloated shit NetworkManager?
>>60035653
Install ufw.
>>60037205
Honestly? Delete NetworkManager and set your shit up with ifconfig/iwconfig/wpa_supplicant as is the custom. Nobody actually uses the shit that the freedesktop people are so autistic over.
>>60037205
I dunno about NetworkManager, but here's the standard iptables setup. It should be (hopefully) understandable enough that you can adapt it to your situation.

iptables -F # clear ALL the rules in the filter table (Docker's own chains get emptied too, so do this before starting docker)
iptables -I INPUT --proto tcp --dport 80 -j ACCEPT # allow http
iptables -I INPUT --proto tcp --dport 22 -j ACCEPT # allow ssh
# you NEED these next two rules, don't ask why
# (the first lets replies to connections this box opened back in, the second lets local processes talk to each other over loopback)
iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT -i lo -j ACCEPT # match the loopback interface, not a 127.0.0.0/8 source address: a source address can arrive spoofed on any interface
# so far we've been inserting rules to the top of the table. This -A appends the rule to the end, so if it didn't match any of the first four rules, it will drop the packet.
iptables -A INPUT -j DROP
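The same INPUT policy as the post above (and as the iptables summary earlier in the thread), written as an added example rather than anything posted in this thread: instead of a series of -I/-A commands, it builds an iptables-restore file, so the whole set can be parse-checked first and loaded atomically. The function names gen_input_rules, last_input_rule and apply_rules are invented for this example; /etc/sysconfig/iptables is the path the CentOS iptables-services package loads at boot.

```shell
#!/bin/sh
# Added example, not from the thread. Builds the INPUT ruleset described above
# as an iptables-restore file. gen_input_rules, last_input_rule and apply_rules
# are hypothetical names chosen for this example.

# gen_input_rules PORT... : print an iptables-restore ruleset that allows
# loopback, established/related traffic and new TCP connections to the listed
# ports, and drops everything else arriving on INPUT.
gen_input_rules() {
    # validate first so a bad argument never yields a half-written ruleset
    for p in "$@"; do
        case "$p" in
            ''|*[!0-9]*) echo "gen_input_rules: bad port '$p'" >&2; return 1 ;;
        esac
    done
    printf '%s\n' '*filter'
    # default policy DROP on INPUT: even if a rule below is mistyped, nothing
    # unmatched gets accepted. FORWARD is left to Docker, which manages it itself.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD ACCEPT [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # loopback by interface, not by 127.0.0.0/8 source (a source address can be spoofed)
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # replies to connections this host opened, plus related traffic (e.g. ICMP errors)
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # packets conntrack cannot classify (malformed, out of window)
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # explicit catch-all, so the rule counters show what is being dropped
    printf '%s\n' '-A INPUT -j DROP'
    printf '%s\n' 'COMMIT'
}

# last_input_rule PORT... : the final INPUT rule of the generated set; used to
# check that the catch-all DROP really is last, the ordering the thread relies on.
last_input_rule() {
    gen_input_rules "$@" | grep '^-A INPUT' | tail -n 1
}

# apply_rules PORT... : parse-check the ruleset with iptables-restore --test,
# then load it. Needs root. iptables-restore replaces the whole filter table,
# Docker's chains included, so run it before starting docker or restart docker
# afterwards so it recreates them.
apply_rules() {
    f=$(mktemp) || return 1
    gen_input_rules "$@" > "$f" || { rm -f "$f"; return 1; }
    iptables-restore --test < "$f" || { rm -f "$f"; return 1; }
    iptables-restore < "$f"
    rc=$?
    rm -f "$f"
    return $rc
}

# usage:
#   gen_input_rules 22 80 > /etc/sysconfig/iptables   # persisted for iptables-services
#   apply_rules 22 80
```

The ESTABLISHED,RELATED rule sits before the per-port accepts on purpose: it matches the bulk of traffic, so the port rules are only evaluated for new connections, and reply packets are let in regardless of which port they come back on.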
>>60037276
>set your shit up with ifconfig/iwconfig/wpasupplicant as is the custom
CentOS comes by default with NetworkManager, that's why I was running it in the first place. Alpine uses /etc/network/interfaces, which is really comfy, but it's not there on CentOS
>>60036718
No shit, that's why you use configuration management to abstract it. Like someone else mentioned, use Puppet, Chef, Ansible, Salt, etc.