On Tue, Nov 17, 2015 at 09:18:22AM -0500, James B. Byrne wrote:
This behaviour is congruent with SELinux. One utility adjusts the permanent configuration, the one that will be applied at startup. Another changes the current running environment without altering the startup config. From a sysadmin point of view this is desirable since changes to a running system are often performed for empirical testing. Leaving ephemeral state changes permanently fixed in the startup config could, and almost certainly would eventually, lead to serious problem during a reboot.
Likewise, immediately introducing a state change to a running system when reconfiguring system startup options is just begging for an operations incident report.
Another possible reason is because when you're setting up firewalld, you might want to batch a bunch of changes with --permanent, then, once you've added them all, *then* you restart firewalld to pick up the changes. Having the firewall restart after *every* permanent change you want to make would leave the system's firewall bouncing up and down.