FirewallD setup questions

I may be totally misunderstanding thins, but... How to Configure Your Firewall for cPanel Services - cPanel Knowledge Base - cPanel Documentation says:

1. Run the yum install firewalld command to ensure that your system has firewalld installed.
2. Run the systemctl start firewalld.service command to start the firewalld service.
3. Run the /scripts/configure_firewall_for_cpanel script.

I have followed the above instructions. I am wanting to confirm whether or not firewalld needs to be enabled (systemctl enable firewalld).

Is there a way to manage firewalld from within WHM?

Are these warnings a concern (systemctl status firewalld)?
WARNING: Invalid module 'iptable_filter'
WARNING: Invalid module 'ip6table_filter'

 

If not enabled, only started, after reboot status I'm getting is:

"● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)"

What am I missing?

 

Ok, I'm not asking this correctly, I guess...

Given what you just wrote: Then why wouldn't the instructions say to enable it to run all the time? What would be the point of running it one time?

 

Hi,

To follow up on the warnings: I don't think it matters, but I'm on a dedicated server (not VPS). I'm not using CFS, only firewalld. My assumption was that firewalld does not use iptables at all, and so the warning could be safely ignored. Please explain or correct as appropriate. Thanks!

 

CentOS Linux release 7.3.1611 (Core)
3.10.0-514.21.2.el7.x86_64

Update: I simply commented out the two line in cpanel.xml that were trying to load the modules, which stopped the error of course.

My understanding now is that firewalld uses the iptables commands, but not the service: "The iptables command is actually used by firewalld itself, but the iptables service is not installed on CentOS 7 by default." (How To Migrate from FirewallD to Iptables on CentOS 7 | DigitalOcean)

So maybe this resolves it. Do you agree?

 

Perfect, I'll stand by, thank you!

 

Thank you, I understand. I just meant that I would await that reply, but not expecting anything soon.

I'm comfortable with firewalld at this time, but can switch to CSF in the future if desired.

What would be cool is an interface in WHM for the firewall-cmd CLI commands. It seems pretty feasible to me to have it show current settings and allow changes (temporary and permanent) as well as many other features. Is there a feature request for this already?

I know there is a firewall-config GUI for firewalld, but I have no desire to enable that from the command line. I don't know if it would be possible for WHM to leverage that for use in its interface, but that might be a cool thing.

 

That's not what I was suggesting, nor are any others I found by searching feature requests. I did see some people's comments that had a similar idea. Sadly I wasn't able to register and participate w/o an "invite." Care to hook me up?