On Tue, Nov 17, 2015 at 09:18:22AM -0500, James B. Byrne wrote: > This behaviour is congruent with SELinux. One utility adjusts the > permanent configuration, the one that will be applied at startup. > Another changes the current running environment without altering the > startup config. From a sysadmin point of view this is desirable since > changes to a running system are often performed for empirical testing. > Leaving ephemeral state changes permanently fixed in the startup > config could, and almost certainly would eventually, lead to serious > problem during a reboot. > > Likewise, immediately introducing a state change to a running system > when reconfiguring system startup options is just begging for an > operations incident report. Another possible reason is because when you're setting up firewalld, you might want to batch a bunch of changes with --permanent, then, once you've added them all, *then* you restart firewalld to pick up the changes. Having the firewall restart after *every* permanent change you want to make would leave the system's firewall bouncing up and down. -- Jonathan Billings <billings at negate.org>