I'm trying to set up NAT on an SL7x machine. I know how to do it via iptables but am a little hesitant because of firewalld.
It's obvious from the lack of /etc/sysconfig/iptables that iptables configuration is stored elsewhere, probably in several XML files. I'm going to try to do it via 'firewall-cmd --direct' in the hopes that my reconfiguration is stored across reboots. I dumped out the nat table. There are several chains that did not exist in SL6x. They appear to be stubs. Does anyone know what their intended purpose is? For example, my default zone is 'work' and I see, among others, POST_work, POST_work_log, POST_work_deny, POST_work_allow, etc. The POSTROUTING chain also contains several targets with explicit rules on 192.168.122.0/24. Googling says they are libvirt related. I suppose I could retain them. Does anyone know if things will break if I delete them? It's a NAT gateway, not a virtualization server.
