Symptom & Impact
Custom iptables rules vanish after firewalld reload.
Environment & Reproduction
Common when migrating from the iptables backend to the nftables backend on CentOS Stream 10.
Root Cause Analysis
Direct iptables rules are not preserved by the nftables backend.
Quick Triage
Verify backend with firewall-cmd --state and firewall-cmd --get-default-zone.
Step-by-Step Diagnosis
Check the FirewallBackend setting in /etc/firewalld/firewalld.conf.
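
One way to script this check before a reload (an added example, not from the original page): it reads FirewallBackend and counts the permanent direct rules that would need converting. The function names are hypothetical, and the direct.xml location assumes firewalld's standard /etc/firewalld layout.

```shell
#!/bin/sh
# Added example: pre-reload audit of firewalld's backend and permanent direct rules.
# Paths follow firewalld's standard layout; function names are hypothetical.

# Print the configured FirewallBackend (last assignment wins).
# firewalld defaults to nftables when the key is absent or the file is missing.
firewalld_backend() {
    b=$(sed -n 's/^[[:space:]]*FirewallBackend[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
        "$1" 2>/dev/null | tail -n 1)
    echo "${b:-nftables}"
}

# Count permanent direct entries (<rule> and <passthrough>) in direct.xml.
# firewalld writes one element per line, so a line count is sufficient.
count_direct_rules() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -cE '<(rule|passthrough)[[:space:]>]' "$1" || true
}

# Report whether a config directory still carries direct rules that need
# converting before the nftables backend is relied on. Returns 1 if so.
audit_firewalld_dir() {
    backend=$(firewalld_backend "$1/firewalld.conf")
    n=$(count_direct_rules "$1/direct.xml")
    echo "backend=$backend direct_rules=$n"
    if [ "$backend" = "nftables" ] && [ "$n" -gt 0 ]; then
        echo "REVIEW: convert $n direct rule(s) to rich rules or policy objects"
        return 1
    fi
    echo "OK: no direct rules pending conversion"
}

# Run against a directory when one is given, e.g.: sh audit.sh /etc/firewalld
if [ "$#" -ge 1 ]; then
    audit_firewalld_dir "$1"
fi
```

The non-zero exit status lets a change-management job block the reload until the listed direct rules have been converted.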

Solution – Primary Fix
Convert direct rules to rich rules or native nftables policy objects.

Solution – Alternative Approaches
Set FirewallBackend=iptables temporarily during the migration window.
Verification & Acceptance Criteria
Policy survives reload and active connections continue to work.
Rollback Plan
Restore the iptables backend via the firewalld config and reload.
Prevention & Hardening
Plan the migration in a maintenance window with rule replay testing.
Related Errors & Cross-Refs
Linked to direct rule deprecation and policy objects.
References & Further Reading
firewalld.direct and firewalld.policies manuals.