[CentOS] firewalld clue needed

Sun Dec 13 18:30:39 UTC 2015
Nicholas Geovanis <nickgeovanis at gmail.com>

>> I don't really understand the intent behind firewalld. The RHEL7 Security
>> Guide states "A graphical configuration tool, *firewall-config*, is used
>> to configure firewalld, which in turn uses *iptables tool* to communicate
>> with *Netfilter* in the kernel which implements packet filtering".

>Well, the order from Kernel inside outward is:
>1. Netfilter (inside Kernel), not directly accessible by userland
>2. iptables/iptables6, the userland cli tools to manipulate the Netfilter
>   ....
>3. firewalld(RedHat/CentOS), or SuSEfirewall(Suse), or similar are the
>  ....
>4. GUI tools, that allow to manipulate the config of firewalld (or
>Does that answer your question about *value added* by GUI tools?
>Not every user that needs to change firewall settings is a certified UNIX

I don't dispute the value of GUIs. I have a comment and a question. First,
in "the data center" my experience is that iptables rules are put into
place and only rarely changed thereafter, like the network configuration at
the server.

But my question was partly this: What is the specific need for a
continuously running daemon firewalld if what we wanted was a GUI front-end
for iptables?
Thanks....Nick Geo