[CentOS] Firewalld and iptables

Sat Dec 15 17:25:48 UTC 2018
Kenneth Porter <shiva at sewingwitch.com>

--On Friday, December 14, 2018 11:48 PM -0500 Jon LaBadie <jcu at labadie.us> 
wrote:

> I don't play with iptables, so I assume it is a legacy
> continued from CentOS 6.x.  I'll gladly remove the
> iptables service package.

firewalld is a user-space layer on top of the kernel's iptables machinery. 
It provides for dynamic changes to the underlying iptables firewall. The 
old firewall configuration (iptables.service, previously implemented as an 
initscript in older CentOS versions) assumed a static firewall that was 
loaded once at boot time. Changes required flushing the entire set of rules 
and starting again, but that would disrupt running network applications. 
Firewalld is a higher level description that is able to add and remove 
rules on a running machine without disrupting applications. It still uses 
the iptables machinery under the hood. It's good for dynamic systems like 
mobile devices where interfaces come and go and the device changes networks 
frequently.