# One of the errors you might get: "iptables-restore v1.4.21: Set issabel_whitelist doesn't exist."
# On CentOS7 iptables is depercated in favor of firewalld, but Issabel still uses iptables + ipset.
# We need to configure iptables and ipset persistence.


# 1.0 Make sure that the Firewall from Issabel is on Deactivated.
# 1.1 Add all the rules that you need.
# 1.2 Add all the whitelists that you need.

# 2.0 Activate the Firewall from the Issabel GUI


# 3.0 Save the ipset and iptable rules
/usr/sbin/ipset -file /etc/sysconfig/ipset save
service iptables save

# 4.0 Allow persistance for iptable rules
chkconfig iptables on

# 5.0 Create a new service unit file for ipset "persistance"
nano /etc/systemd/system/ipset.service


# 5.1 Add the following content in the file and save it (CTRL + X, Y, ENTER):
[Unit] 
Description=ipset persistent rule service 
Before=iptables.service 
ConditionFileNotEmpty=/etc/sysconfig/ipset 

[Service] 
Type=oneshot 
RemainAfterExit=yes 
ExecStart=/usr/sbin/ipset -exist -file /etc/sysconfig/ipset restore 
ExecStop=/usr/sbin/ipset -file /etc/sysconfig/ipset save

[Install] 
WantedBy=multi-user.target


# 6.0 Enable/disable our services
systemctl daemon-reload 
systemctl disable firewalld
systemctl enable iptables
systemctl enable ipset

# 7.0 Reboot and see how the Firewall in Issabel gets "activated"
# Remember to always whitelist yourself and allow traffic, because you can lock yourself out.