On 10/30/2014 8:38 AM, Marko Vojinovic wrote:
> On Thu, 30 Oct 2014 03:56:58 +0000 Always Learning <centos@u62.u22.net> wrote:
> > iptables -A table-name -p tcp --dport 80 -j ACCEPT
> >
> > No reboot needed. 'table-name' can be INPUT or another user defined table name.
> >
> > firewall-cmd with its Windoze-like structure and syntax is definitely unappealing to many normal firewall users.
>
> If you compare the syntax of the two equivalent commands,
>
> iptables -I INPUT -p tcp --dport 80 -j ACCEPT
>
> and
>
> firewall-cmd --add-service=http
>
> I'd say that the second one appears simpler, more readable, more intuitive, and less sensitive to typos. No reboot is required for either. I fail to see what is so unappealing to a user in the second one. I don't know who is a "normal firewall user". Finally, I don't see any Windows-like syntax in the second one (AFAIK, Windows doesn't have any syntax, you need to click your way through menus and checkboxes and stuff to tweak the firewall in Windows).

To do this in cmd line on Windows:
netsh advfirewall firewall add rule name=httpd dir=in \
    localport=80 protocol=tcp enable=yes \
    profile=private,domain \
    remoteip=192.168.1.1,192.168.2.1 action=allow