[CentOS] Need firewalld clue

Sun Dec 13 12:05:30 UTC 2015
Timothy Murphy <gayleard at eircom.net>

Yamaban wrote:

>> So is the goal for firewalld to implement a GUI for iptables? What is the
>> "value added" by firewalld?
>>    Thanks....Nick Geo
> Well, the order from Kernel inside outward is:
> 1. Netfilter (inside Kernel), not directly accessible by userland
> 2. iptables/iptables6, the userland cli tools to manipulate the Netfilter
>     entries, mighty and complex, error-prone for casual use.
> 3. firewalld(RedHat/CentOS), or SuSEfirewall(Suse), or similar are the
>     tools that simplify the task of creating the needed iptable rules, as
>     not everyone wants to write them by hand.
> 4. GUI tools, that allow to manipulate the config of firewalld (or similar),
>     for those that are unfamiliar with the command line, or want a quick
>     and graphical way to do the job needed.

It might be mentioned that the previous firewall is still available.
It can be obtained by "yum install system-config-firewall".

Actually I use shorewall - I'm not sure how this compares with firewalld.
It is certainly much better documented.

Timothy Murphy  
gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin