Is there a way to run just save with firewalld in RHEL7?

Peter Souter asked:

I’m starting to use RHEL7 and learning a little about the changes that come with systemd.

Is there a way to perform /sbin/service iptables save in firewalld?

$ /sbin/service iptables save
The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.

The closest parallel I can find from the Documentation is --reload:

Reload the firewall without loosing state information:
$ firewall-cmd --reload

But it doesn’t explicitly say if it’s saving or not.

My answer:

The version of firewalld in RHEL 7.0 has no “save” script and no way to copy the running firewall configuration to the permanent configuration. You save a firewall change with firewalld by adding --permanent to the command line making the change. Without it, any change you make is temporary and will be lost when the system restarts.

For example:

firewall-cmd --add-service=http                 # Running config
firewall-cmd --add-service=http --permanent     # Startup config

Later (post-RHEL 7) versions of firewalld do include a way to save the running configuration, and this is available now in Fedora and in RHEL 7.1. In this case the command is simply:

firewall-cmd --runtime-to-permanent

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.