CentOS 7: Firewalld & IPtables

[m1ne]

I'm finally making the jump to CentOS 7. I don't want to, but eventually I have to, so I'll get it out the way now.
Anyway, I really don't like Firewalld. I'm curious if anyone here has disabled it and reverted back to using IPtables. Is there any issue in doing this? I want to go down this route as I use CSF and I'm very familiar with how to set up IPtables.

Thank for reading.

 

[Fred.]

I also have Firewalld disabled on CentOS 7 because I use CSF and it only works with IPtables. (At the time I installed it)
No issues so far, using it for almost a year now. I still works like it did with CentOS 6.x

 

[m1ne]

I also have Firewalld disabled on CentOS 7 because I use CSF and it only works with IPtables. (At the time I installed it)
No issues so far, using it for almost a year now. I still works like it did with CentOS 6.x

Good to hear, trying it out shortly.

 

[m1ne]

I see a lot of people talking about performance benefits vs CentOS 6, but never any benchmarks. Any idea how much % we're talking here?
Any other reason to not continue using CentOS 6 over 7? It's supported until 2020.

 

[Fred.]

I see a lot of people talking about performance benefits vs CentOS 6, but never any benchmarks. Any idea how much % we're talking here?
Any other reason to not continue using CentOS 6 over 7? It's supported until 2020.

I can't really compare the performance because so much changed in my server setup. I switched from Apache to Nginx, switched from MySQL to MariaDB, PHP versions and configurations changed.

Overall Security and improved more efficient software, new filesystem.
No reason to stay at 6.x unless you have something that doesn't work on CentOS 7
But if it still doesn't work on CentOS 7 you should think about switching to something else because CentOS 7 was released more than a year ago.

 

[TPerry]

What I can't believe is we are here in 2016 and you STILL can't do an upgrade in place reliably with CentOS. They are still (from what I keep reading) recommending doing a full wipe/install or setting it up on YAS (yet another server) and then transferring over. Not everybody has tons of money to keep getting an new server to do this with every "major" release. At least Debian had a reliable in place upgrade that worked for the last 3 versions I ran before I moved over to CentOS.

 

[Fred.]

What I can't believe is we are here in 2016 and you STILL can't do an upgrade in place reliably with CentOS. They are still (from what I keep reading) recommending doing a full wipe/install or setting it up on YAS (yet another server) and then transferring over. Not everybody has tons of money to keep getting an new server to do this with every "major" release. At least Debian had a reliable in place upgrade that worked for the last 3 versions I ran before I moved over to CentOS.

I agree, The last times my host always had a similar server that I could use for a few weeks to set it up. Then we swapped disks and done!
Now I have a new server with custom hardware configuration so I don't know what I'm going to do next time when CentOS 8 comes out.
Maybe pump it into a VPS for a few weeks?

 

[TPerry]

Maybe pump it into a VPS for a few weeks?

Depending on how large it is (or how many sites you have on the server) it could be just as cheap going to Server Complete and getting one of their older servers for a month. That's what I'm thinking of doing and then just keeping it to use as a dev/backup platform.

 

[Fred.]

Depending on how large it is (or how many sites you have on the server) it could be just as cheap going to Server Complete and getting one of their older servers for a month. That's what I'm thinking of doing and then just keeping it to use as a dev/backup platform.

Then You still have to move everything and configure the server. That always takes for ages.
That's why I was thinking about virtualising it, it can go fully automatic with no downtime. 1 hour later you are moved.
It's possible with my server because I don't have bigboards on it.