Yamaban wrote:
So is the goal for firewalld to implement a GUI for iptables? What is the "value added" by firewalld? Thanks....Nick Geo
Well, the order from Kernel inside outward is:
Netfilter (inside Kernel), not directly accessible by userland
iptables/iptables6, the userland cli tools to manipulate the Netfilter entries, mighty and complex, error-prone for casual use.
firewalld (RedHat/CentOS), or SuSEfirewall (Suse), or similar are the tools that simplify the task of creating the needed iptable rules, as not everyone wants to write them by hand.
GUI tools that allow you to manipulate the config of firewalld (or similar), for those who are unfamiliar with the command line, or want a quick and graphical way to do the job needed.
It might be mentioned that the previous firewall is still available. It can be obtained by "yum install system-config-firewall".
Actually I use shorewall - I'm not sure how this compares with firewalld. It is certainly much better documented.