[CentOS] firewalld clue needed

Nicholas Geovanis

nickgeovanis at gmail.com
Sun Dec 13 18:30:39 UTC 2015


>> I don't really understand the intent behind firewalld. The RHEL7 Security
>> Guide states "A graphical configuration tool, *firewall-config*, is used to
>> configure firewalld, which in turn uses *iptables tool* to communicate with
>> *Netfilter* in the kernel which implements packet filtering".

>Well, the order from Kernel inside outward is:
>
>1. Netfilter (inside Kernel), not directly accessible by userland
>2. iptables/iptables6, the userland cli tools to manipulate the Netfilter
>   ....
>3. firewalld(RedHat/CentOS), or SuSEfirewall(Suse), or similar are the
>  ....
>4. GUI tools, that allow to manipulate the config of firewalld (or similar),
>   ....
>Does that answer your question about *value added* by GUI tools?
>Not every user that needs to change firewall settings is a certified UNIX admin.

I don't dispute the value of GUIs. I have a comment and a question. First,
in "the data center" my experience is that iptables rules are put into
place and only rarely changed thereafter, like the network configuration at
the server.

But my question was partly this: What is the specific need for a
continuously running daemon firewalld if what we wanted was a GUI front-end
for iptables?
Thanks....Nick Geo


