[CentOS] Re: Need firewalld clue

Sun Dec 13 01:09:29 UTC 2015
Yamaban <foerster at lisas.de>

On Sun, 13 Dec 2015 01:46, Nicholas Geovanis <nickgeovanis at ...> wrote:

> I don't really understand the intent behind firewalld. The RHEL7 Security
> Guide states "A graphical configuration tool, *firewall-config*, is used to
> configure firewalld, which in turn uses *iptables tool* to communicate with
> *Netfilter* in the kernel which implements packet filtering".
>
> So is the goal for firewalld to implement a GUI for iptables? What is the
> "value added" by firewalld?
>    Thanks....Nick Geo

Well, the order from Kernel inside outward is:

1. Netfilter (inside Kernel), not directly accessible by userland

2. iptables/iptables6, the userland cli tools to manipulate the Netfilter
    entries, mighty and complex, error-prone for casual use.

3. firewalld (RedHat/CentOS), or SuSEfirewall (Suse), or similar are the
    tools that simplify the task of creating the needed iptables rules, as
    not everyone wants to write them by hand.

4. GUI tools that allow manipulating the config of firewalld (or similar),
    for those that are unfamiliar with the command line, or want a quick and
    graphical way to do the job needed.

Does that answer your question about *value added* by GUI tools?

Not every user that needs to change firewall settings is a certified UNIX admin.

  - Yamaban.
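
The layering described in this message, as an added example that is not part of the original post and not firewalld's own code: a toy "layer 3" that validates a declarative zone description and emits the iptables commands ("layer 2") an admin would otherwise write by hand. The zone format, the service table and the `ZONE_<name>` chain naming are assumptions made for this sketch; firewalld's real rule set is more elaborate.

```python
# Added illustration: turn a declarative zone into iptables command strings.
# Nothing is executed; the commands are only generated as text.
SERVICES = {  # constructed subset of well-known service ports
    "ssh": [(22, "tcp")],
    "http": [(80, "tcp")],
    "https": [(443, "tcp")],
    "dns": [(53, "tcp"), (53, "udp")],
}


def _check_port(port, proto):
    """Reject bad input before any rule is generated."""
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto!r}")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port!r}")
    return port, proto


def zone_to_iptables(zone):
    """Return the ordered iptables commands for one zone description."""
    opened = []
    for svc in zone.get("services", []):
        if svc not in SERVICES:
            raise ValueError(f"unknown service: {svc!r}")
        opened.extend(SERVICES[svc])
    for port, proto in zone.get("ports", []):
        opened.append(_check_port(port, proto))
    opened = sorted(set(opened))  # de-duplicate, deterministic order

    chain = f"ZONE_{zone['name']}"  # hypothetical chain name
    rules = [
        f"iptables -N {chain}",
        "iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT",
        "iptables -A INPUT -i lo -j ACCEPT",
    ]
    rules += [f"iptables -A INPUT -i {i} -j {chain}" for i in zone["interfaces"]]
    rules += [
        f"iptables -A {chain} -p {proto} --dport {port} "
        "-m conntrack --ctstate NEW -j ACCEPT"
        for port, proto in opened
    ]
    # Default: anything not explicitly opened is rejected.
    rules.append("iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited")
    return rules


if __name__ == "__main__":
    public = {"name": "public", "interfaces": ["eth0"],
              "services": ["ssh", "https"], "ports": [(8080, "tcp")]}
    print("\n".join(zone_to_iptables(public)))
```

A misspelled service or an out-of-range port is rejected before a single rule is produced, which is the kind of mistake that is easy to make when typing the rules directly.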