Is there a way to list runtime-only (i.e. no --permanent) changes in firewalld? I would like to see a diff in my configuration to make sure no change will get lost in case of a --reload.
2 Answers
3
As far as I can see there is no tool that offers you that possibility, but you can create it yourself.
I add a runtime acl to port 54/tcp:
# firewall-cmd --add-port=54/tcp
Then I can save the runtime rules to a file:
# firewall-cmd --list-all > /tmp/runtime_rules
And I save the permanent rules to another file:
# firewall-cmd --list-all --permanent > /tmp/permanent_rules
Finally I use diff to compare both:
# diff /tmp/runtime_rules /tmp/permanent_rules
1c1
< FedoraWorkstation (active)
---
> FedoraWorkstation
4c4
< interfaces: wlp2s0
---
> interfaces:
7c7
< ports: 1025-65535/udp 1025-65535/tcp 54/tcp
---
> ports: 1025-65535/udp 1025-65535/tcp
And there you have the port I added on the runtime rules, not on the permanent one.

natxo asenjo
This is what I ended up doing. Thanks for the detailed answer! – Iso Feb 15 '20 at 14:46
2
I'd like to propose a one-liner alternative usable in a bash shell:
diff -u <(firewall-cmd --list-all --permanent) <(firewall-cmd --list-all)
--- /dev/fd/63 2022-02-20 14:05:38.106385643 +0000
+++ /dev/fd/62 2022-02-20 14:05:38.110385485 +0000
@@ -3,7 +3,7 @@
icmp-block-inversion: no
interfaces: eno0
sources:
- services: dhcpv6-client ssh
+ services: dhcpv6-client http https ssh
ports:
protocols:
forward: no
Lines prefixed with - are in the permanent config. Those with + are in the live configuration.

Christophe Drevet
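Both answers leave you reading a textual diff of the two listings. The following script is an added example, not code from either answer or from the firewalld project: it compares the runtime and permanent --list-all output of one zone item by item and names each port, service, source or rich rule that exists only at runtime (and so would be lost on --reload) or only in the permanent config. It assumes the standard --list-all layout (zone header, two-space indented "key: items" lines, rich rules and forward-ports continued on tab-indented lines) and uses a constructed sample zone for the offline demo; for all zones, call it in a loop over firewall-cmd --get-zones with --zone on both commands.

```shell
#!/bin/bash
# Added example (not from the answers above): item-by-item comparison of
# firewalld's runtime and permanent "--list-all" output for one zone, so that
# everything that would vanish on "firewall-cmd --reload" is named explicitly.
# Assumes the real layout: zone header line, two-space indented "key: items"
# lines, rich rules / forward-ports continued on tab-indented lines.

# fw_runtime_only RUNTIME_FILE PERMANENT_FILE
# Prints "<key> runtime-only: <item>" and "<key> permanent-only: <item>", sorted.
fw_runtime_only() {
    awk '
        { side = (NR == FNR) ? "r" : "p" }      # first file is runtime, second permanent
        FNR == 1 { next }                       # skip the "zone (active)" header line
        /^\t/ {                                 # continuation line: whole line is one item
            sub(/^\t/, "")
            seen[side, key, $0] = 1
            next
        }
        {
            line = $0; sub(/^ +/, "", line)
            key = line; sub(/:.*/, "", key)     # e.g. "services", "rich rules"
            rest = line; sub(/^[^:]*: */, "", rest)
            n = split(rest, tok, " ")           # space-separated items after the colon
            for (i = 1; i <= n; i++) seen[side, key, tok[i]] = 1
        }
        END {
            for (k in seen) {
                split(k, f, SUBSEP)             # f[1]=side, f[2]=key, f[3]=item
                other = (f[1] == "r") ? "p" : "r"
                label = (f[1] == "r") ? "runtime-only" : "permanent-only"
                if (!((other, f[2], f[3]) in seen))
                    printf "%s %s: %s\n", f[2], label, f[3]
            }
        }
    ' "$1" "$2" | LC_ALL=C sort
}

# Live use, one zone (bash process substitution):
#   fw_runtime_only <(firewall-cmd --list-all) <(firewall-cmd --list-all --permanent)

# Offline demo on constructed listings (zone contents, port and rule are made up).
fw_demo() {
    rt=$(mktemp); pm=$(mktemp)
    printf '%s\n' 'public (active)' '  target: default' '  interfaces: eno0' \
        '  services: dhcpv6-client http https ssh' '  ports: 54/tcp' '  rich rules: ' > "$rt"
    printf '\t%s\n' 'rule family="ipv4" source address="192.0.2.0/24" service name="ssh" accept' >> "$rt"
    printf '%s\n' 'public' '  target: default' '  interfaces: ' \
        '  services: dhcpv6-client ssh' '  ports: ' '  rich rules: ' > "$pm"
    fw_runtime_only "$rt" "$pm"
    rm -f "$rt" "$pm"
}
```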