FirewallD And Network Manager On Production Servers (C7)


Hi List,

Are you really using firewalld and network-manager on CentOS 7 production servers, or the old way of disabling network manager and using pure iptables like on C6?

9 thoughts on - FirewallD And Network Manager On Production Servers (C7)

  • As I start to deploy test images of C7 I think about this same question. Part of me wants to keep the simplicity of the old method, but then someone else somewhere mentioned that the systemd stuff relies on network-manager to work better, so I don’t know that keeping the old methods is better. I do dislike the new NIC naming, and that’s tied to network-manager too, but I was hoping others would have more feedback about which way is better in the long run.

  • 2014-07-15 21:20 GMT+03:00 Jeremy Hoel:

    Someone said that the recommended way is to use network manager and firewalld, but I still need to learn those tools first.

  • Hello Eero Volotinen,

    I tried to disable NetworkManager, but then ran into the following bug:
    https://bugzilla.redhat.com/show_bug.cgi?id05770

    Instead of adjusting the file, I have now switched over to NetworkManager
    (even for local static routes).

    For iptables I’d rather stay with static rules, so iptables is the right thing for me…

    (Next item is tuned, which also looks a bit overkill to keep running.)

    Best regards,

    Florian La Roche

  • Is there something different in el7 compared to el6?
    Because tuned is already part of the game since at least el 6.5!

  • Most of my installs are older than 6.5 and tuned seems to be not installed on my CentOS-6 machines. Looking at CentOS-7 most of my installs should be ok with a static configuration that will not change over the machine lifetime.

    Back to the nasty NetworkManager bug in https://bugzilla.redhat.com/show_bug.cgi?id05770 :
    The bug was already reported in January 2012, but ignored for 18 months by the NM gods. Just check this report: https://bugzilla.redhat.com/show_bug.cgi?idw1673

    best regards,

    Florian La Roche

  • NetworkManager does not fully support Bridge interfaces, so since I use a
    C7 server (one for now) as a KVM host, I disabled it and use network instead.

    I will also use shorewall instead of Firewalld, at least until I can understand how it works (stupid looking thing without an obvious way of using it).