From 8c7bde739892385bba2e4ad5db24657e0067143b Mon Sep 17 00:00:00 2001 From: Steven Spencer Date: Thu, 14 Jul 2022 09:35:15 -0500 Subject: [PATCH] iptables deprecation note added * added meta to the top of the file * added deprecation notice to the top of the procedure along with a deprecated tag in the meta * added links to the `firewalld` procedures in the admonition --- .../guides/security/enabling_iptables_firewall.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/guides/security/enabling_iptables_firewall.md b/docs/guides/security/enabling_iptables_firewall.md index 7a7ddb2058..bf3dc1de76 100644 --- a/docs/guides/security/enabling_iptables_firewall.md +++ b/docs/guides/security/enabling_iptables_firewall.md 
@@ -1,9 +1,24 @@ +--- +title: Enabling `iptables` Firewall +author: Steven Spencer +contributors: Ezequiel Bruni +tested with: 8.5, 8.6, 9.0 +tags: + - security + - iptables + - deprecated +--- + # Enabling iptables Firewall ## Prerequisites * A burning, unquenchable desire to disable the default _firewalld_ application, and enable _iptables_. +!!! warning "This Process Is Deprecated" + + As of Rocky Linux 9.0, `iptables` and all of the utilities associated with it, are deprecated. This means that future releases of the OS will be removing `iptables`. For that reason, it is highly recommended that you not use this process. If you are familiar with iptables, we recommend using [`iptables` Guide To `firewalld`](firewalld.md). If you are new to firewall concepts, then we recommend [`firewalld` For Beginners](firewalld-beginners.md). + ## Introduction _firewalld_ is now the default firewall on Rocky Linux. _firewalld_ **was** nothing more than a dynamic application of _iptables_ using xml files that loaded changes without flushing the rules in CentOS 7/RHEL 7. With CentOS 8/RHEL 8/Rocky 8, _firewalld_ is now a wrapper around _nftables_. It is still possible, however, to install and use straight _iptables_ if that is your preference. To install and run straight _iptables_ without _firewalld_ you can do so by following this guide. What this guide will **not** tell you is how to write rules for _iptables_. It is assumed that if you want to get rid of _firewalld_, you must already know how to write rules for _iptables_.
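Review bot: The `!!! warning` admonition sits after the Prerequisites bullet and just before `## Introduction`, while the commit message says the notice was added to the top of the procedure. Moving it directly under the `# Enabling iptables Firewall` heading would put the deprecation in front of the reader before the prerequisite list. In the warning text, drop the comma in "associated with it, are deprecated". The unchanged Introduction line "It is still possible, however, to install and use straight _iptables_ if that is your preference" now reads at odds with the recommendation not to use this process, so a short qualifier there would help. The two relative links (`firewalld.md` and `firewalld-beginners.md`) resolve against docs/guides/security/, so please confirm both files exist at that path.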