[CentOS] CentOS 6.5 equivalents in CentOS 7

Marko Vojinovic vvmarko at gmail.com
Thu Oct 30 12:38:12 UTC 2014


On Thu, 30 Oct 2014 03:56:58 +0000
Always Learning <centos at u62.u22.net> wrote:

> iptables -A table-name -p tcp --dport 80 -j ACCEPT
> 
> No reboot needed. 'table-name' can be INPUT or another user defined
> table name.
> 
> firewall-cmd with its Windoze-like structure and syntax is definitely
> unappealing to many normal firewall users.

If you compare the syntax of the two equivalent commands,

   iptables -I INPUT -p tcp --dport 80 -j ACCEPT

and 

   firewall-cmd --add-service=http

I'd say that the second one appears simpler, more readable, more
intuitive, and less sensitive to typos. No reboot is required for
either. I fail to see what is so unappealing to a user in the second
one. I don't know who is a "normal firewall user". Finally, I don't see
any Windows-like syntax in the second one (AFAIK, Windows doesn't have
any syntax, you need to click your way through menus and checkboxes and
stuff to tweak the firewall in Windows).

Incidentally, since I started using Linux I have always found iptables
to have a very user-unfriendly syntax. Whenever I needed to tweak the
firewall, I had to look up the man page for iptables, in order to make
sure I don't screw myself over between -A and -I, -N and -n, -P and -p,
etc. It was a royal pain having to pay attention to the order of the
rules in the table. It was stupid having to look up explicit port
numbers for common services. Various GUIs and TUIs of the time only
added a whole new level of obscurity.

So I find the firewall-cmd syntax to be a major step forward wrt
iptables. At least for the vast majority of common use cases.

And no, I am not a novice user from Windowsland --- I've been Linux-only
since RedHat 6.2 (Zoot), back in the previous millennium... ;-)

Best, :-)
Marko
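As an added illustration of the -A versus -I ordering trap mentioned in the message above (this is not code from the thread), here is a small bash simulator of netfilter's first-match evaluation. It never touches the real tables; the chain contents, including the trailing catch-all DROP rule, are constructed for the example.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: a toy first-match evaluator showing why
# -A (append) and -I (insert at the head) give different results once a chain
# already ends in a catch-all DROP. The chain is a bash array of constructed
# rules, one "PROTO PORT TARGET" triple per element; "any" matches everything.
CHAIN=()

# chain_add FLAG RULE : -A appends to the end, -I inserts at position 1.
chain_add() {
    case "$1" in
        -A) CHAIN+=("$2") ;;
        -I) CHAIN=("$2" "${CHAIN[@]}") ;;
        *)  echo "unknown flag $1" >&2; return 1 ;;
    esac
}

# verdict PROTO PORT : walk the chain top to bottom and print the target of
# the first matching rule, mirroring netfilter's first-match semantics.
verdict() {
    local rule proto port target
    for rule in "${CHAIN[@]}"; do
        read -r proto port target <<<"$rule"
        if { [ "$proto" = any ] || [ "$proto" = "$1" ]; } &&
           { [ "$port" = any ] || [ "$port" = "$2" ]; }; then
            echo "$target"; return 0
        fi
    done
    echo POLICY   # nothing matched: fall through to the chain's default policy
}

# Constructed starting point: a chain whose last rule already drops everything.
reset_chain() { CHAIN=("any any DROP"); }

# Appending the web rule places it after the DROP, so it is never reached.
appended_verdict() { reset_chain; chain_add -A "tcp 80 ACCEPT"; verdict tcp 80; }

# Inserting it places it at the head, which is what the poster actually wanted.
inserted_verdict() { reset_chain; chain_add -I "tcp 80 ACCEPT"; verdict tcp 80; }

printf 'iptables -A INPUT -p tcp --dport 80 -j ACCEPT -> %s\n' "$(appended_verdict)"
printf 'iptables -I INPUT -p tcp --dport 80 -j ACCEPT -> %s\n' "$(inserted_verdict)"
```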
