On 10/30/2014 8:38 AM, Marko Vojinovic wrote:
> On Thu, 30 Oct 2014 03:56:58 +0000
> Always Learning <centos at u62.u22.net> wrote:
>
>> iptables -A table-name -p tcp --dport 80 -j ACCEPT
>>
>> No reboot needed. 'table-name' can be INPUT or another user defined
>> table name.
>>
>> firewall-cmd with its Windoze-like structure and syntax is definitely
>> unappealing to many normal firewall users.
>
> If you compare the syntax of the two equivalent commands,
>
>    iptables -I INPUT -p tcp --dport 80 -j ACCEPT
>
> and
>
>    firewall-cmd --add-service=http
>
> I'd say that the second one appears simpler, more readable, more
> intuitive, and less sensitive to typos. No reboot is required for
> either. I fail to see what is so unappealing to a user in the second
> one. I don't know who is a "normal firewall user". Finally, I don't see
> any Windows-like syntax in the second one (AFAIK, Windows doesn't have
> any syntax, you need to click your way through menus and checkboxes and
> stuff to tweak the firewall in Windows).

To do this in cmd line on Windows:

    netsh advfirewall firewall add rule name=httpd dir=in ^
        localport=80 protocol=tcp enable=yes ^
        profile=private,domain ^
        remoteip=192.168.1.1,192.168.2.1 action=allow