On Oct 22, 2019, at 15:04, Chris Adams <linux@cmadams.net> wrote:
> firewalld is not really the same thing as iptables though; it's more of a management layer on top of just writing raw rules. One big issue I have though is that firewalld always sets up kernel connection state tracking, which is not a good thing for some uses (high-traffic DNS servers for example).

One major change is that the Firewalld in el8 doesn’t use “iptables” rules (netfilter) but instead “nft” rules (nftables).
-- Jonathan Billings